CVE-2022-24706

Severity: Critical
Remote: Yes
Type: Privilege escalation
An attacker can access an improperly secured default installation without authenticating and gain admin privileges.

CouchDB 3.2.2 and onwards will refuse to start with the former default Erlang cookie value of 'monster'. Installations that upgrade to this version are forced to choose a different value.
In addition, all binary packages have been updated to bind epmd as well as the CouchDB distribution port to and/or ::1 respectively.
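A configuration audit for the two conditions described above, as an added example that is not code from CouchDB or from this tracker. It assumes the Erlang flags `-setcookie` and `-kernel inet_dist_use_interface` appear one per line in the node's `vm.args`, and that epmd's bind address is set through the `ERL_EPMD_ADDRESS` environment variable; the function name, finding codes and sample inputs are constructed for illustration.

```python
import re

DEFAULT_COOKIE = "monster"  # former default cookie named in the advisory
LOOPBACK_TUPLES = {"{127,0,0,1}", "{0,0,0,0,0,0,0,1}"}  # Erlang tuples for 127.0.0.1 and ::1
LOOPBACK_ADDRS = {"127.0.0.1", "::1"}

COOKIE_RE = re.compile(r"^-setcookie\s+(\S+)")
IFACE_RE = re.compile(r"^-kernel\s+inet_dist_use_interface\s+(\{[^}]*\})")

def audit(vm_args_text, env):
    """Return sorted finding codes for a vm.args body and the node's environment."""
    cookie, iface = None, None
    for raw in vm_args_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        m = COOKIE_RE.match(line)
        if m:
            cookie = m.group(1).strip("'\"")
        m = IFACE_RE.match(line)
        if m:
            iface = re.sub(r"\s+", "", m.group(1))  # normalise "{127, 0, 0, 1}"
    findings = set()
    if cookie == DEFAULT_COOKIE:
        findings.add("default-cookie")
    if iface not in LOOPBACK_TUPLES:  # unset: distribution listens on all interfaces
        findings.add("dist-port-not-loopback")
    addrs = {a.strip() for a in env.get("ERL_EPMD_ADDRESS", "").split(",") if a.strip()}
    if not addrs or not addrs <= LOOPBACK_ADDRS:  # unset: epmd listens on all interfaces
        findings.add("epmd-not-loopback")
    return sorted(findings)

# Constructed sample inputs, not taken from any real host.
WEAK = """\
# Erlang VM flags
-name couchdb@127.0.0.1
-setcookie monster
"""
HARDENED = """\
-name couchdb@127.0.0.1
-setcookie 'c0nstructed-Sample-Value'
-kernel inet_dist_use_interface {127, 0, 0, 1}
"""

if __name__ == "__main__":
    print(audit(WEAK, {}))
    print(audit(HARDENED, {"ERL_EPMD_ADDRESS": "127.0.0.1"}))
```

A clustered deployment legitimately binds the distribution port to a non-loopback interface, so `dist-port-not-loopback` and `epmd-not-loopback` are prompts to confirm that firewalling covers those ports, not defects in themselves.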
Group     Package  Affected  Fixed    Severity  Status        Ticket
AVG-2708  couchdb  3.2.1-1   3.2.2-2  Critical  Not affected