Original Issue Date: April 29, 2022
Severity Rating: CRITICAL
Software Affected
Apache Couch DB prior to version 3.2.2
Overview
A vulnerability has been reported in Apache CouchDB which could allow a remote attacker to gain full access on the targeted system.
Description
This vulnerability exists in Apache CouchDB due to default configuration exposes a random network port, bound to all available interfaces in anticipation of clustered operation and/or runtime introspection. A remote attacker could exploit this vulnerability by access an improperly secured default installation without authenticating and gain admin privileges.
Successful exploitation of this vulnerability could allow a remote attacker to gain full access on the targeted system.
Solution
Apply appropriate upgrade as mentioned below:
https://blog.couchdb.org/2022/04/ https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00