Preface: NoSQL is used for Big data and real-time web apps. Perhaps if you can manage big data, you can rule the AI zone in future.
Background: NoSQL is used for Big data and real-time web apps. For example, companies like Twitter, Facebook and Google collect terabytes of user data every single day. There are many indexing data structures used in NoSQL databases. For example: B-Tree indexing, T-Tree indexing, and O2-Tree indexing…..
Vulnerability details: In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. An attacker can access an improperly secured default installation without authenticating and gain admin privileges.
- CouchDB opens a random network port, bound to all available interfaces in anticipation of clustered operation and/or runtime introspection. A utility process called epmd advertises that random port to the network.
Remark: epmd itself listens on a fixed port.
- CouchDB packaging previously chose a default cookie value for single-node as well as clustered installations. That cookie authenticates any communication between Erlang nodes
Workaround: The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Remediation: Upgrade to version 3.2.2.
Details: CouchDB 3.2.2 and onwards will refuse to start with the former default Erlang cookie value of
monster. Installations that upgrade to this versions are forced to choose a different value.
In addition, all binary packages have been updated to bind
well as the CouchDB distribution port to
Please refer to the link for details – https://www.openwall.com/lists/oss-security/2022/04/26/1