According to the author, the issue is already filed. Also, according to the author, the CouchDB security team's response was like ‘it's gonna be fixed eventually, in a future release’, which, as I understand, was anything but satisfying and resulted in publication.
So it’s already widely public, and my post wasn’t about the vulnerability. It was about ‘Shouldn’t that recommendation be emitted into the CouchDB installer?’.

ermouth

On Mon, 18 Apr 2022 at 15:11, Jan Lehnardt <j...@apache.org> wrote:

> Hi all,
>
> please follow the official and well documented guidelines for submitting
> security related issues: https://docs.couchdb.org/en/stable/cve/index.html
>
> Thanks
> Jan
> —
> Professional Support for Apache CouchDB:
> https://neighbourhood.ie/couchdb-support/
>
> 24/7 Observation for your CouchDB Instances:
> https://opservatory.app
>
>
> On 18. Apr 2022, at 13:25, ermouth <ermo...@gmail.com> wrote:
> >
> > One very popular Russian IT resource published a well written description
> > of a known Erlang cookie vulnerability – with a recipe on how to exploit it
> > to gain control over Couch.
> >
> > Looks like the CouchDB manual isn’t very verbose about that issue, the
> > only mention is a recommendation about protecting Erlang cookie if a user
> > has 4369 open.
> >
> > Shouldn’t that recommendation be emitted into the CouchDB installer?
> >
> > ermouth