Name | couchdb_default_cookie |
CVE | CVE-2022-24706 |
Exploit Pack | CANVAS |
Description | couchdb_default_cookie |
Notes | CVE Name: CVE-2022-24706 NOTES: CVE-2022-24706 allows unauthenticated, remote attackers to gain arbitrary code execution via the erlang distributed protocol on insecure, default installations of CouchDB < 3.2.2. Specifically by default the authentication cookie used by erlangdp is set to "monster", if this hasn't been changed then RCE is possible. Tested against: - CouchDB 3.2.1 CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24706 CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date public: 04/26/2022 |
Learn more about the CANVAS Exploit Pack here: CANVAS |