Skip to main content

Insecure Default Initialization of Resource

CVE-2022-24706

Severity High
Score 9.8/10

Summary

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-1188 - Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References

Advisory Timeline

  • Published