admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 18:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-24706.md

Browse Source 
add CVE-2022-24706
This commit is contained in:
Goby 2023-04-17 18:32:20 +08:00 committed by GitHub
parent 1b67ecfa31
commit ff14746aeb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-24706.md Normal file
View File

@ -0,0 +1,12 @@
## Apache CouchDB Unauthenticated Remote Code Execution Vulnerability (CVE-2022-24706)
| **Vulnerability** | **Apache CouchDB Unauthenticated Remote Code Execution Vulnerability (CVE-2022-24706)** |
| :----: | :-----|
| **Chinese name** | Apache CouchDB 未认证远程代码执行漏洞 (CVE-2022-24706) |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [banner=\"name couchdb at\"](https://en.fofa.info/result?qbase64=YmFubmVyPSJuYW1lIGNvdWNoZGIgYXQi) |
| **Number of assets affected** | 2817 |
| **Description** | Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An access control error vulnerability existed prior to Apache CouchDB 3.2.2 that stemmed from the ability of an attacker to access an incorrect default installation and gain administrator privileges without authenticating. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/04/17/66ab3b4f04224398.gif)