Cybersecurity Threat Advisory 0027-22: Apache CouchDB Critical Privilege Escalation Vulnerability

Threat Update

Apache has released a patch for a critical remote privilege escalation vulnerability in Apache CouchDB 3.2.1. If not patched, this vulnerability can allow threat actors to execute code on a targeted server or client without being authenticated. Barracuda MSP recommends applying the latest patch to all affected Apache products as soon as possible.

Technical Detail & Additional Information


A remote privilege escalation vulnerability exists in Apache CouchDB 3.2.1 and below. An attacker can access an improperly secured default installation without authentication and gain admin privileges. The vulnerability leads to CouchDB opening a random network port bound to all available interfaces, and a utility process called epmd then advertises that random port to the network. epmd itself listens on a fixed port, and once connected, the attacker will have full admin access.


This vulnerability exists in the current version 3.2.1 of CouchDB, a common service used primarily to collect and store data to simplify record management across various computing devices, mobile phones, and web browsers. Apache has had other remote execution vulnerabilities in the past, including the vulnerability that led to Equifax’s data breach back in 2017.


If this vulnerability were exploited, it would allow malicious actors to execute arbitrary code as an admin user, giving them full control of the network and bypassing any security protocols that are in place. This can lead to ransomware events or a Business Email Compromise (BEC) incident, causing temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.


Barracuda MSP recommends the following actions to limit the impact of a remote code execution attack:

  • Update Apache CouchDB to version 3.2.2 or newer.
  • Implement a firewall for CouchDB installations.
  • Keep all applications updated to enforce security measures.
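To support the firewall recommendation, the following added example (not part of the original advisory or of CouchDB) audits a Linux host for the exposure described above: epmd or an Erlang distribution port listening on all interfaces. It assumes the output format of `ss -H -tlnp`, epmd's default port 4369, and the process names `epmd` and `beam.smp`; the sample listing is constructed.

```python
import re

EPMD_PORT = 4369   # assumption: epmd's default fixed port (not stated in the advisory)
HTTP_PORT = 5984   # assumption: CouchDB's default HTTP API port, outside this check
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}      # "all available interfaces"
ERLANG_PROCS = {"epmd", "beam.smp", "beam"}     # assumed process names

# Constructed sample of `ss -H -tlnp` output, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:4369   0.0.0.0:* users:(("epmd",pid=812,fd=3))
LISTEN 0 128   0.0.0.0:41237  0.0.0.0:* users:(("beam.smp",pid=901,fd=17))
LISTEN 0 128 127.0.0.1:5984   0.0.0.0:* users:(("beam.smp",pid=901,fd=40))
LISTEN 0 128      [::]:4369      [::]:* users:(("epmd",pid=812,fd=4))
LISTEN 0 128   0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=700,fd=3))
"""

def exposed_erlang_listeners(ss_output):
    """Return (kind, address, port, process) for Erlang listeners on wildcard addresses."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; rpartition keeps "[::]" intact.
        addr, _, port = fields[3].rpartition(":")
        proc = re.search(r'users:\(\("([^"]+)"', line)
        name = proc.group(1) if proc else ""
        if name not in ERLANG_PROCS or addr not in WILDCARDS or not port.isdigit():
            continue
        port = int(port)
        if port == HTTP_PORT:
            continue  # the HTTP API is not the port this advisory is about
        kind = "epmd" if port == EPMD_PORT else "distribution"
        findings.append((kind, addr, port, name))
    return findings

if __name__ == "__main__":
    for kind, addr, port, name in exposed_erlang_listeners(SAMPLE_SS):
        print(f"{kind:12} {addr}:{port} ({name}) listens on all interfaces; "
              "restrict it with a firewall")
```

On a live host, pass the text of `ss -H -tlnp` (run as root so process names are shown) to `exposed_erlang_listeners` instead of the sample.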


For more in-depth information about the recommendations, please visit the following links:

2.15. CVE-2022-24706: Apache CouchDB Remote Privilege Escalation — Apache CouchDB® 3.2 Documentation

Apache CouchDB JSON Remote Privilege Escalation Vulnerability – Vulnerabilities – Acunetix

2.14. CVE-2021-38295: Apache CouchDB Privilege Escalation — Apache CouchDB® 3.2 Documentation

Examining Apache Struts remote code execution vulnerabilities | Synopsys

Barracuda Solutions for Ransomware | Barracuda Networks

Apache CouchDB Explained | IBM

If you have any questions, please contact our Security Operations Center.
