CISA Known Exploited Vulnerability

CVE-2022-24706

Apache · CouchDB

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Date added 2022-08-25

BOD 22-01 due date 2022-09-15

CWE CWE-1188

Ransomware Unknown

CISA description

Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

Required action

Apply updates per vendor instructions.

Notes & references

https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
https://nvd.nist.gov/vuln/detail/CVE-2022-24706

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2022-24706
CVE.org · CVE-2022-24706
CISA KEV catalog (canonical)