All the vulnerabilites related to couchbase - couchbase_server
Vulnerability from fkie_nvd
Published
2021-05-19 20:15
Modified
2024-11-21 05:58
Severity ?
Summary
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46326B70-8962-45C7-A19F-BE1C4B9406C4",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Couchbase Server versiones 6.x hasta 6.6.1.\u0026#xa0;La Interfaz de Usuario de Couchbase Server est\u00e1 registrando cookies de sesi\u00f3n de forma no segura en los registros.\u0026#xa0;Esto permite la suplantaci\u00f3n de un usuario si los archivos de registro son obtenidos por un atacante antes de que la cookie de sesi\u00f3n expire"
}
],
"id": "CVE-2021-27924",
"lastModified": "2024-11-21T05:58:49.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T20:15:07.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 17:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0E3959-0E09-4C0B-AAF5-0F72523993D0",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El servicio de \u00edndices no aplica la autenticaci\u00f3n para los servidores TCP/TLS"
}
],
"id": "CVE-2022-32557",
"lastModified": "2024-11-21T07:06:37.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T17:15:08.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 23:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E67A45DB-DA6C-4CE5-941F-0481461F414A",
"versionEndExcluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El registro del servicio de copia de seguridad filtra nombres de usuario e identificadores de documentos no redactados"
}
],
"id": "CVE-2022-32565",
"lastModified": "2024-11-21T07:06:38.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T23:15:08.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 23:15
Modified
2024-11-21 07:05
Severity ?
Summary
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0359036C-4D69-45D9-929B-19D36F8F6E41",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor."
},
{
"lang": "es",
"value": "Couchbase Server versiones 5.x hasta 7.x anteriores a 7.0.4, expone Informaci\u00f3n Confidencial a un Actor no Autorizado"
}
],
"id": "CVE-2022-32192",
"lastModified": "2024-11-21T07:05:53.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T23:15:08.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 14:15
Modified
2024-11-21 07:08
Severity ?
Summary
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C275E6E9-2FD1-4244-9198-77E4EA448E4E",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones 7.x anteriores a 7.0.4. Los nombres de los campos no est\u00e1n redactados en los mensajes de comprobaci\u00f3n registrados para el servicio de an\u00e1lisis. Un actor no autorizado puede obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-33911",
"lastModified": "2024-11-21T07:08:35.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T14:15:18.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 18:15
Modified
2024-11-21 04:21
Severity ?
Summary
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 5.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58E4463C-BC06-4031-B659-DC5A0721CC81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0."
},
{
"lang": "es",
"value": "En Couchbase Server versi\u00f3n 5.1.1, la cookie utilizada para la comunicaci\u00f3n dentro del nodo no se genera de forma segura. Couchbase Server usa erlang:now() para generar el PRNG, lo que da como resultado un peque\u00f1o espacio de b\u00fasqueda de posibles semillas aleatorias que luego podr\u00edan usarse para realizar un ataque de fuerza bruta sobre la cookie y ejecutar el c\u00f3digo contra un sistema remoto. Esto se ha solucionado en la versi\u00f3n 6.0.0."
}
],
"id": "CVE-2019-11495",
"lastModified": "2024-11-21T04:21:12.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T18:15:12.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-335"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 17:15
Modified
2024-11-21 04:21
Severity ?
Summary
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 6.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02B6FA78-D40A-4F44-9252-F0E04112108D",
"versionEndIncluding": "5.5.3",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0093AA60-8332-4A87-8D79-D1111C5C7ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached \"connections\" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Couchbase Server versiones 5.5.x hasta 5.5.3 y versi\u00f3n 6.0.0. El comando de bloque de estad\u00edsticas \"connections\" de Memcached emite un nombre de usuario no redactado. La informaci\u00f3n del sistema enviada a Couchbase como parte de un reporte de bug inclu\u00eda los nombres de usuario para todos usuarios que actualmente inician sesi\u00f3n en el sistema, incluso si el registro fue redactado para privacidad. Esto se ha solucionado (en las versiones 5.5.4 y 6.0.1) para que los nombres de usuario sean etiquetados apropiadamente en los registros y sean sacados del hash cuando los registros son redactados."
}
],
"id": "CVE-2019-11465",
"lastModified": "2024-11-21T04:21:08.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T17:15:11.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-16 22:15
Modified
2024-12-20 19:01
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| couchbase | couchbase_server | * |
{
"cisaActionDue": "2024-02-07",
"cisaExploitAdd": "2024-01-17",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Google Chromium V8 Out-of-Bounds Memory Access Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1333551-8202-4042-AD12-C0767B189306",
"versionEndExcluding": "120.0.6099.224",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF8247D-D1FA-4C35-88A3-0F0AF4F7DA15",
"versionEndExcluding": "7.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El acceso a memoria fuera de los l\u00edmites en V8 en Google Chrome anterior a 120.0.6099.224 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"id": "CVE-2024-0519",
"lastModified": "2024-12-20T19:01:11.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-16T22:15:37.753",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1517354"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1517354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-14 19:15
Modified
2024-11-21 07:57
Severity ?
Summary
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.2.0 |
{
"cisaActionDue": "2023-05-08",
"cisaExploitAdd": "2023-04-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A679C85-EF22-48D8-8298-28965D7B5A9D",
"versionEndExcluding": "112.0.5615.121",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5763B2-C023-4C29-A30E-71B087A967DD",
"versionEndExcluding": "7.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"id": "CVE-2023-2033",
"lastModified": "2024-11-21T07:57:47.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-14T19:15:09.453",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1432210"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1432210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5390"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 19:15
Modified
2024-11-21 05:55
Severity ?
Summary
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB439D8-9F76-4071-91D7-DBC635DA029F",
"versionEndIncluding": "6.6.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "FF1669E5-DA58-4B59-A474-385D46D82510",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Couchbase Server versiones 5.x y versiones 6.x hasta 6.6.1 y versi\u00f3n 7.0.0 Beta.\u0026#xa0;Unos comandos incorrectos de la API REST puede resultar que la informaci\u00f3n de autenticaci\u00f3n filtrada sea almacenada en texto sin cifrar en los archivos debug.log e info.log, y tambi\u00e9n sea mostrado en la Interfaz de Usuario visible para unos administradores"
}
],
"id": "CVE-2021-25644",
"lastModified": "2024-11-21T05:55:12.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T19:15:08.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-10 13:15
Modified
2024-11-21 05:55
Severity ?
Summary
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02950BDE-4B9F-4738-90ED-A785BBB3AC35",
"versionEndExcluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B6383A-237D-4460-B16A-040C0469D849",
"versionEndExcluding": "6.5.2",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4B2294-9C0C-4A02-B1D8-80DABC4D996E",
"versionEndExcluding": "6.6.1",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Couchbase Server versiones anteriores a 6.0.5, 6.1.x hasta versiones 6.5.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.1.\u0026#xa0;Un usuario interno con privilegios de administrador, @ns_server, filtra las credenciales en texto sin cifrar en los archivos cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log y stats.log.\u0026#xa0;NOTA: la actualizaci\u00f3n del producto no soluciona autom\u00e1ticamente las filtraciones que ocurrieron en el pasado"
}
],
"id": "CVE-2021-25645",
"lastModified": "2024-11-21T05:55:12.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-10T13:15:09.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-29 20:15
Modified
2024-11-21 06:12
Severity ?
Summary
Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2994963-F444-43A2-9F25-C5803E7685A2",
"versionEndIncluding": "5.5.6",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F15E20E-C70C-41AE-AAC5-8381E1267921",
"versionEndIncluding": "6.0.5",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D16F2D-1B3A-49C6-BCD7-9F73DF9F4DC0",
"versionEndIncluding": "6.5.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88351467-E888-40CF-A812-6A655418FB9D",
"versionEndIncluding": "6.6.2",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0961B152-BD49-4805-BB29-0E72107AA06C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached."
},
{
"lang": "es",
"value": "Couchbase Server versiones 6.5.x, 6.6.0 hasta 6.6.2, y 7.0.0, presenta un desbordamiento del b\u00fafer. Un paquete de red especialmente dise\u00f1ado enviado por un atacante puede bloquear memcached"
}
],
"id": "CVE-2021-35945",
"lastModified": "2024-11-21T06:12:48.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-29T20:15:08.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-19 19:15
Modified
2024-09-24 19:08
Severity ?
Summary
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Issue Tracking | |
| cve@mitre.org | https://www.couchbase.com/alerts/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "643693D1-A64C-4049-AC4F-BAB3F088597E",
"versionEndExcluding": "7.2.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93805CFF-CBA4-440C-92B8-2EF9B5FEE810",
"versionEndExcluding": "7.6.2",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection."
},
{
"lang": "es",
"value": "Couchbase Server 7.6.x anterior a 7.6.2, 7.2.x anterior a 7.2.6 y todas las versiones anteriores permiten la inyecci\u00f3n de encabezado de host HTTP."
}
],
"id": "CVE-2024-25673",
"lastModified": "2024-09-24T19:08:32.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-19T19:15:24.093",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 17:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0E3959-0E09-4C0B-AAF5-0F72523993D0",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Las peticiones HTTP aleatorias conllevan a una filtraci\u00f3n de m\u00e9tricas"
}
],
"id": "CVE-2022-32559",
"lastModified": "2024-11-21T07:06:37.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T17:15:08.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 19:15
Modified
2024-11-21 05:58
Severity ?
Summary
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/downloads | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF3DAA2-BF57-412A-84CC-B56172426027",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Couchbase Server versiones 6.5.x y versiones 6.6.x hasta 6.6.1.\u0026#xa0;Cuando est\u00e1 habilitado el uso de View Engine y Auditing, una condici\u00f3n de bloqueo puede (dependiendo de una condici\u00f3n de carrera) causar a un usuario interno con privilegios de administrador, @ns_server, tener sus credenciales filtradas en texto sin cifrar en el archivo ns_server.info.log"
}
],
"id": "CVE-2021-27925",
"lastModified": "2024-11-21T05:58:50.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T19:15:08.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-22 02:15
Modified
2024-11-21 05:39
Severity ?
Summary
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 4.0.0 | |
| couchbase | couchbase_server | 4.1.0 | |
| couchbase | couchbase_server | 4.1.1 | |
| couchbase | couchbase_server | 4.5.0 | |
| couchbase | couchbase_server | 4.5.1 | |
| couchbase | couchbase_server | 5.0.0 | |
| couchbase | couchbase_server | 5.1.1 | |
| couchbase | couchbase_server | 5.5.0 | |
| couchbase | couchbase_server | 5.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C2B2CC-E977-46ED-BB24-B389CD74E11F",
"versionEndIncluding": "4.6.5",
"versionStartIncluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7E985C-D948-477B-8FDC-0871EC4FCA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC3ED67-FB26-4DBB-B930-DD45B361A3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6D0276-99C9-40E0-9CAB-FEE3F83D9DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B35376AE-929E-4295-B93A-8A9D55139404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDF1ED-FAAE-4499-9455-CE181EFC3525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2008B5F0-AE95-4F6D-89AD-451B7E2A0341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58E4463C-BC06-4031-B659-DC5A0721CC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEE047D-53C8-4851-A814-57125B21E01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60E6AC40-03E4-4C7E-985A-B1F3C5E7815F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs."
},
{
"lang": "es",
"value": "Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 a 4.6.5, 5.0.0, 5.1.1, 5.5.0 y 5.5.1 tienen permisos inseguros para puntos finales REST del proyector y del indexador (permiten el acceso no autenticado). El punto final REST / settings expuesto por el proceso del proyector es un punto final que los administradores pueden usar para diversas tareas, como actualizar la configuraci\u00f3n y recopilar perfiles de rendimiento. El punto final no se autentic\u00f3 y se actualiz\u00f3 para permitir solo a los usuarios autenticados acceder a estas API administrativas."
}
],
"id": "CVE-2020-9039",
"lastModified": "2024-11-21T05:39:52.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-22T02:15:10.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-50782 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-50782 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | update_infrastructure | 4 | |
| cryptography.io | cryptography | * | |
| couchbase | couchbase_server | 7.6.0 | |
| couchbase | couchbase_server | 7.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"matchCriteriaId": "A7B7EA1D-8C2A-4C40-B9FC-E83F4E87C62B",
"versionEndExcluding": "42.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE39595E-F4B2-4CEC-A405-809B75E71E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B84B0C96-07C4-44ED-A291-94CEAAF6FFB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."
}
],
"id": "CVE-2023-50782",
"lastModified": "2024-11-21T08:37:18.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-05T21:15:11.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-208"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-02 12:15
Modified
2024-11-21 06:28
Severity ?
Summary
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.0.0 | |
| couchbase | couchbase_server | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "822D5705-403C-42B6-A7F4-F1B96DCDA2F6",
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3178055C-9670-4D79-932A-07F139F5F922",
"versionEndExcluding": "6.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C23D79-2B15-45A5-B5FB-DB0354A108D4",
"versionEndIncluding": "6.6.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "467A5F09-0E97-4BA8-933A-14F819D127A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBFEB5B-7BF8-456B-84A2-8A8656470F6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the \"@\" user credentials of the node processing the UI request."
},
{
"lang": "es",
"value": "Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena informaci\u00f3n confidencial en texto sin cifrar. El problema se produce cuando el administrador de cl\u00fasteres reenv\u00eda una petici\u00f3n HTTP desde la UI pluggable (query workbench, etc.) al servicio espec\u00edfico. En el backtrace, el Basic Auth Header incluido en la petici\u00f3n HTTP, presenta las credenciales de usuario \"@\" del nodo que procesa la petici\u00f3n de UI"
}
],
"id": "CVE-2021-42763",
"lastModified": "2024-11-21T06:28:07.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-02T12:15:07.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 17:15
Modified
2024-11-21 04:21
Severity ?
Summary
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 5.1.2 | |
| couchbase | couchbase_server | 5.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F798B2A1-6CFC-4105-B20D-5691282F5E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEE047D-53C8-4851-A814-57125B21E01A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092)."
},
{
"lang": "es",
"value": "Algunas empresas requieren que los puntos finales API REST incluyan encabezados relacionados con la seguridad en las respuestas REST. Los encabezados como X-Frame-Options y X-Content-Type-Options son generalmente recomendables, sin embargo, algunos profesionales de seguridad de la informaci\u00f3n tambi\u00e9n buscan X-Permitted-Cross-Domain-Policies y X-XSS-Protection, que son m\u00e1s generalmente aplicables a Punto final HTML, para ser incluido tambi\u00e9n. Estos encabezados no se incluyeron en Couchbase Server 5.5.0 y 5.1.2. Ahora se incluyen en la versi\u00f3n 6.0.2 en las respuestas de la API REST de Couchbase Server Views (puerto 8092)."
}
],
"id": "CVE-2019-11464",
"lastModified": "2024-11-21T04:21:07.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T17:15:11.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 18:15
Modified
2024-11-21 04:21
Severity ?
Summary
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 5.5.0 | |
| couchbase | couchbase_server | 6.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEE047D-53C8-4851-A814-57125B21E01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0093AA60-8332-4A87-8D79-D1111C5C7ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access."
},
{
"lang": "es",
"value": "En Couchbase Server versiones 6.0.0 y 5.5.0, el servicio de eventos expone el perfil de diagn\u00f3stico del sistema a trav\u00e9s de un punto final HTTP que no requiere credenciales en un puerto destinado solo para tr\u00e1fico interno. Esto se solucion\u00f3 en la versi\u00f3n 6.0.1 y ahora requiere credenciales v\u00e1lidas para acceder."
}
],
"id": "CVE-2019-11466",
"lastModified": "2024-11-21T04:21:08.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T18:15:12.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-02 12:15
Modified
2024-11-21 06:15
Severity ?
Summary
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 7.0.0 | |
| couchbase | couchbase_server | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "467A5F09-0E97-4BA8-933A-14F819D127A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "930EF10B-3A95-4583-8DE1-84434C62A2E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it."
},
{
"lang": "es",
"value": "metakv en Couchbase Server versi\u00f3n 7.0.0, usa texto sin Cifrar para el almacenamiento de informaci\u00f3n confidencial. Las credenciales de cluster remoto XDCR pueden filtrarse en los registros de depuraci\u00f3n. Se ha a\u00f1adido la purga de claves de configuraci\u00f3n en Couchbase Server versi\u00f3n 7.0.0. Este problema se produce cuando una clave de configuraci\u00f3n, que se est\u00e1 registrando, presenta una marca de tiempo de purga de tumbas adjunta"
}
],
"id": "CVE-2021-37842",
"lastModified": "2024-11-21T06:15:57.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-02T12:15:07.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 21:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C5984E-11D2-45CE-8C88-CB29EC4B68FC",
"versionEndExcluding": "7.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. En couchbase-cli, server-eshell filtra la cookie de Cluster Manager"
}
],
"id": "CVE-2022-32564",
"lastModified": "2024-11-21T07:06:38.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T21:15:08.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-29 20:15
Modified
2024-11-21 06:12
Severity ?
Summary
Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D16F2D-1B3A-49C6-BCD7-9F73DF9F4DC0",
"versionEndIncluding": "6.5.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88351467-E888-40CF-A812-6A655418FB9D",
"versionEndIncluding": "6.6.2",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0961B152-BD49-4805-BB29-0E72107AA06C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached."
},
{
"lang": "es",
"value": "Couchbase Server versiones 6.5.x, 6.6.x hasta 6.6.2, y 7.0.0, presenta un desbordamiento del b\u00fafer. Un paquete de red especialmente dise\u00f1ado enviado por un atacante puede bloquear memcached"
}
],
"id": "CVE-2021-35944",
"lastModified": "2024-11-21T06:12:48.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-29T20:15:08.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 18:15
Modified
2024-11-21 04:21
Severity ?
Summary
In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FACC4DE4-23B1-4249-B5F6-C752DBF6B04F",
"versionEndIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In versions of Couchbase Server prior to 5.0, the bucket named \"default\" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including \"default\" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the \"default\" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0."
},
{
"lang": "es",
"value": "En las versiones de Couchbase Server anteriores a la version 5.0, el dep\u00f3sito denominado \"predeterminado\" era un dep\u00f3sito especial que permit\u00eda el acceso de lectura y escritura sin autenticaci\u00f3n. Como parte de 5.0, el comportamiento de todos los dep\u00f3sitos, incluido el \"predeterminado\", se modific\u00f3 para permitir solo el acceso de usuarios autenticados con autorizaci\u00f3n suficiente. Sin embargo, a los usuarios se les permit\u00eda el acceso no autenticado y no autorizado al dep\u00f3sito \"predeterminado\" si se editaban las propiedades de este dep\u00f3sito. Esto se ha solucionado en las versiones 5.1.0 y 5.5.0."
}
],
"id": "CVE-2019-11496",
"lastModified": "2024-11-21T04:21:12.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T18:15:12.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 21:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0E3959-0E09-4C0B-AAF5-0F72523993D0",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. XDCR carece de comprobaci\u00f3n de roles cuando es cambiada la configuraci\u00f3n interna"
}
],
"id": "CVE-2022-32560",
"lastModified": "2024-11-21T07:06:38.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T21:15:08.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 14:15
Modified
2024-11-21 07:07
Severity ?
Summary
An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84F3FF91-0107-4ADB-87EC-1FB4F0344123",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead."
},
{
"lang": "es",
"value": "Se ha detectado un problema de degradaci\u00f3n de algoritmos en Couchbase Server versiones anteriores a 7.0.4. Analytics Remote Links puede degradar temporalmente a una conexi\u00f3n no TLS para determinar el n\u00famero de puerto TLS, usando SCRAM-SHA en su lugar"
}
],
"id": "CVE-2022-33173",
"lastModified": "2024-11-21T07:07:39.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T14:15:16.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-21 12:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDFAB1A-A8C8-40B0-9564-D92324F15076",
"versionEndExcluding": "7.1.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Una clave privada es filtrada a los archivos de registro con determinados bloqueos"
}
],
"id": "CVE-2022-32556",
"lastModified": "2024-11-21T07:06:37.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-21T12:15:08.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-26 22:15
Modified
2024-11-21 09:23
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/alerts/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEFC817-AC31-4F5C-BE0A-CFEA96728D2E",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE39595E-F4B2-4CEC-A405-809B75E71E36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure."
},
{
"lang": "es",
"value": " Se descubri\u00f3 un problema en Couchbase Server anterior a 7.2.5 y 7.6.0 anterior a 7.6.1. No garantiza que las credenciales se negocien con el servicio Key-Value (KV) mediante SCRAM-SHA cuando el cifrado de enlace remoto est\u00e1 configurado para Half-Secure."
}
],
"id": "CVE-2024-37034",
"lastModified": "2024-11-21T09:23:05.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-26T22:15:03.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 23:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C58D69-C53D-4B83-9178-5E6FA45BE6C4",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Las operaciones pueden tener \u00e9xito en una colecci\u00f3n usando un permiso RBAC antiguo"
}
],
"id": "CVE-2022-32562",
"lastModified": "2024-11-21T07:06:38.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T23:15:08.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-12 21:15
Modified
2024-11-21 05:15
Severity ?
Summary
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C2FB952-523E-4842-81F8-B6B7E099F100",
"versionEndExcluding": "6.6.0",
"versionStartIncluding": "6.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka \"magic cookie\"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0."
},
{
"lang": "es",
"value": "Una Cookie de Erlang expuesta podr\u00eda conllevar a un ataque de Ejecuci\u00f3n de Comando Remota (RCE).\u0026#xa0;La comunicaci\u00f3n entre los nodos de Erlang se realiza mediante el intercambio de un secreto compartido (tambi\u00e9n se conoce como \"magic cookie\").\u0026#xa0;Existen casos en los que la magic cookie se incluye en el contenido de los registros.\u0026#xa0;Un atacante puede usar la cookie para adjuntar a un nodo Erlang y ejecutar comandos a nivel de Sistema Operativo en el sistema que ejecuta el nodo Erlang.\u0026#xa0;Afecta a la versi\u00f3n: 6.5.1.\u0026#xa0;Versi\u00f3n corregida: 6.6.0"
}
],
"id": "CVE-2020-24719",
"lastModified": "2024-11-21T05:15:57.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T21:15:10.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#VulnerabilityReporting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#VulnerabilityReporting"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-15 12:15
Modified
2024-11-21 07:10
Severity ?
Summary
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 7.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6E7774-F437-4499-BB27-CF197441EC44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs."
},
{
"lang": "es",
"value": "En Couchbase Server versiones 7.1.x anteriores a 7.1.1, una frase de contrase\u00f1a encriptada de la clave privada puede filtrarse en los registros"
}
],
"id": "CVE-2022-34826",
"lastModified": "2024-11-21T07:10:15.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-15T12:15:09.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-08 16:15
Modified
2024-11-21 05:39
Severity ?
Summary
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 6.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0093AA60-8332-4A87-8D79-D1111C5C7ECD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request."
},
{
"lang": "es",
"value": "En Couchbase Server versi\u00f3n 6.0, las credenciales almacenadas en memoria cach\u00e9 por un navegador pueden ser usadas para llevar a cabo un ataque de tipo CSRF si un administrador ha usado su navegador para comprobar los resultados de una petici\u00f3n de la API REST"
}
],
"id": "CVE-2020-9042",
"lastModified": "2024-11-21T05:39:53.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T16:15:10.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 18:15
Modified
2024-11-21 04:21
Severity ?
Summary
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2008B5F0-AE95-4F6D-89AD-451B7E2A0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate."
},
{
"lang": "es",
"value": "En Couchbase Server versi\u00f3n 5.0.0, cuando se ingres\u00f3 un Certificado de cl\u00faster remoto no v\u00e1lido como parte de la creaci\u00f3n de referencia, XDCR no analiz\u00f3 ni verific\u00f3 la firma del certificado. Luego acept\u00f3 el certificado no v\u00e1lido e intent\u00f3 usarlo para establecer conexiones futuras al cl\u00faster remoto. Esto se ha solucionado en la versi\u00f3n 5.5.0. XDCR ahora verifica la validez del certificado a fondo y evita que se cree una referencia de cl\u00faster remoto con un certificado no v\u00e1lido."
}
],
"id": "CVE-2019-11497",
"lastModified": "2024-11-21T04:21:12.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T18:15:12.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-29 20:15
Modified
2024-11-21 06:12
Severity ?
Summary
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D16F2D-1B3A-49C6-BCD7-9F73DF9F4DC0",
"versionEndIncluding": "6.5.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D6DAC9-87C3-49A1-B615-1D1539423945",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513."
},
{
"lang": "es",
"value": "Couchbase Server versiones 6.5.x y 6.6.x hasta 6.6.2, presenta un Control de Acceso Incorrecto. No se impide a usuarios administrados externamente usar una contrase\u00f1a vac\u00eda, seg\u00fan RFC4513"
}
],
"id": "CVE-2021-35943",
"lastModified": "2024-11-21T06:12:48.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-29T20:15:08.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 21:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.0.0 | |
| couchbase | couchbase_server | 7.0.1 | |
| couchbase | couchbase_server | 7.0.2 | |
| couchbase | couchbase_server | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F517BE4-EA03-4FA7-A58A-7B48C1F0CC06",
"versionEndIncluding": "6.6.3",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0961B152-BD49-4805-BB29-0E72107AA06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBFEB5B-7BF8-456B-84A2-8A8656470F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6675EB3-2FC9-41E7-9FA0-94DA4DE61C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E22A4AD-8DB7-467E-B1A5-6B6B491D3E77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. La carga de cubos de muestra puede filtrar las contrase\u00f1as de usuarios internos durante un fallo"
}
],
"id": "CVE-2022-32558",
"lastModified": "2024-11-21T07:06:37.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T21:15:07.963",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-06 21:15
Modified
2024-11-21 07:25
Severity ?
Summary
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A7864F-6CFD-49B8-9F10-75BBE7D7C466",
"versionEndExcluding": "6.6.6",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4AA8BF-9C42-46FB-8160-D622C9F2903C",
"versionEndExcluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E7D08F-4022-4766-9C45-B45A0A7EAC15",
"versionEndExcluding": "7.1.2",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials."
}
],
"id": "CVE-2022-42951",
"lastModified": "2024-11-21T07:25:40.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-06T21:15:09.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.0.0 | |
| couchbase | couchbase_server | 7.0.1 | |
| couchbase | couchbase_server | 7.0.2 | |
| couchbase | couchbase_server | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F517BE4-EA03-4FA7-A58A-7B48C1F0CC06",
"versionEndIncluding": "6.6.3",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0961B152-BD49-4805-BB29-0E72107AA06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBFEB5B-7BF8-456B-84A2-8A8656470F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6675EB3-2FC9-41E7-9FA0-94DA4DE61C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E22A4AD-8DB7-467E-B1A5-6B6B491D3E77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor."
},
{
"lang": "es",
"value": "Couchbase Server versiones 6.6.x hasta 7.x anteriores a 7.0.4, expone informaci\u00f3n confidencial a un actor no autorizado"
}
],
"id": "CVE-2022-32193",
"lastModified": "2024-11-21T07:05:53.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T21:15:07.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-26 21:15
Modified
2024-11-21 05:55
Severity ?
Summary
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F801B3C-C4FE-46FB-89FA-2718EA5431EA",
"versionEndExcluding": "6.5.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1D38E8-0E51-47FE-98BC-AFFAFE71380E",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Couchbase Server versiones 5.x y versiones 6.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.2.\u0026#xa0;Los usuarios internos con privilegios de administrador, @cbq-engine-cbauth y @index-cbauth, filtran credenciales en texto sin cifrar del archivo indexer.log cuando realizan una llamada /listCreateTokens, /listRebalanceTokens o /listMetadataTokens"
}
],
"id": "CVE-2021-25643",
"lastModified": "2024-11-21T05:55:11.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-26T21:15:08.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 22:15
Modified
2025-01-08 18:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| microsoft | windows | - | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| chrome | * | ||
| apple | macos | - | |
| linux | linux_kernel | - | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.2.0 |
{
"cisaActionDue": "2023-06-28",
"cisaExploitAdd": "2023-06-07",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB69CD96-74B6-49C5-8589-99136EE565C6",
"versionEndExcluding": "114.0.5735.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "572A3A40-DC77-4EF0-B85A-8195DA2A0491",
"versionEndExcluding": "114.0.5735.106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5763B2-C023-4C29-A30E-71B087A967DD",
"versionEndExcluding": "7.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"id": "CVE-2023-3079",
"lastModified": "2025-01-08T18:15:15.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-06-05T22:15:12.383",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://crbug.com/1450481"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://crbug.com/1450481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5420"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-08 22:15
Modified
2024-11-21 08:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | 7.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAEE598-4C6B-4C9D-A6E5-41C4D43DDAE8",
"versionEndExcluding": "7.1.5",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal."
},
{
"lang": "es",
"value": "Couchbase Server 7.1.4 anterior a 7.1.5 y 7.2.0 anterior a 7.2.1 permite el cruce de directorios."
}
],
"id": "CVE-2023-36667",
"lastModified": "2024-11-21T08:10:16.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-08T22:15:08.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-19 19:15
Modified
2024-11-21 06:05
Severity ?
Summary
In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF3DAA2-BF57-412A-84CC-B56172426027",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user\u0027s permissions, allowing read-access to resources beyond what those users were explicitly allowed to access."
},
{
"lang": "es",
"value": "En el Motor de Consulta en Couchbase Server versiones 6.5.x y versiones 6.6.x hasta 6.6.1, las consultas de Common Table Expression no comprobaban correctamente los permisos del usuario, permitiendo un acceso de lectura a recursos m\u00e1s all\u00e1 de lo que esos usuarios ten\u00edan expl\u00edcitamente permitido acceder"
}
],
"id": "CVE-2021-31158",
"lastModified": "2024-11-21T06:05:12.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-19T19:15:08.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-10 18:15
Modified
2024-11-21 04:21
Severity ?
Summary
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 4.6.3 | |
| couchbase | couchbase_server | 5.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67268D7C-0C49-498A-91BB-397AC6E0D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEE047D-53C8-4851-A814-57125B21E01A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, \u003c, \u003e, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."
},
{
"lang": "es",
"value": "En Couchbase Server versiones, 4.6.3 y 5.5.0, la indexaci\u00f3n secundaria codifica las entradas que se indexar\u00e1n mediante collatejson. Cuando las entradas de \u00edndice contienen ciertos caracteres como \\ t, \u0026lt;,\u0026gt;, se produce el desbordamiento del b\u00fafer ya que la cadena codificada ser\u00eda mucho m\u00e1s grande de lo que se tiene en cuenta, lo que hace que el servicio del indexador se bloquee y reinicie. Esto se ha solucionado en las versiones 5.1.2 y 5.5.2 para garantizar que el b\u00fafer siempre crezca seg\u00fan sea necesario para cualquier entrada."
}
],
"id": "CVE-2019-11467",
"lastModified": "2024-11-21T04:21:08.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T18:15:12.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-08 16:15
Modified
2024-11-21 05:39
Severity ?
Summary
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 6.0.3 | |
| couchbase | sync_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2899AC9E-D0D6-4488-8286-CABC621E642A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:sync_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9728807-BCC2-4CB2-9FB9-31CD13DE5D03",
"versionEndIncluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don\u0027t more aggressively terminate slow connections."
},
{
"lang": "es",
"value": "En Couchbase Server versi\u00f3n 6.0.3 y Couchbase Sync Gateway versiones hasta 2.7.0, los endpoints de administraci\u00f3n del Cl\u00faster, vistas, consultas y b\u00fasqueda de texto completo son vulnerables al ataque de denegaci\u00f3n de servicio de Slowloris porque no terminan m\u00e1s agresivamente las conexiones lentas"
}
],
"id": "CVE-2020-9041",
"lastModified": "2024-11-21T05:39:53.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T16:15:10.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 17:15
Modified
2024-11-21 07:06
Severity ?
Summary
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.couchbase.com/tags/security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF66B7F7-BD24-4249-94CD-6540C90CF846",
"versionEndExcluding": "6.6.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B22B53-B9C1-48DA-9950-EDE8B70E3FB7",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Couchbase Server versiones anteriores a 6.6.5 y versiones 7.x anteriores a 7.0.4. Las mitigaciones anteriores para CVE-2018-15728 resultaron insuficientes cuando ha sido detectado que se pod\u00eda seguir accediendo a los endpoints de diagn\u00f3stico desde la red"
}
],
"id": "CVE-2022-32561",
"lastModified": "2024-11-21T07:06:38.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T17:15:08.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-23 01:15
Modified
2024-11-21 07:55
Severity ?
Summary
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90EECB4E-AB0E-49E4-9387-37C80E88A15A",
"versionEndExcluding": "7.1.4",
"versionStartIncluding": "6.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication."
}
],
"id": "CVE-2023-28470",
"lastModified": "2024-11-21T07:55:09.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-23T01:15:12.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.couchbase.com/downloads"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.couchbase.com/downloads"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-06 21:15
Modified
2024-11-21 07:25
Severity ?
Summary
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4AA8BF-9C42-46FB-8160-D622C9F2903C",
"versionEndExcluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E7D08F-4022-4766-9C45-B45A0A7EAC15",
"versionEndExcluding": "7.1.2",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service."
}
],
"id": "CVE-2022-42950",
"lastModified": "2024-11-21T07:25:40.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-06T21:15:09.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-24 19:29
Modified
2024-11-21 03:51
Severity ?
Summary
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/bugtraq/2018/Aug/49 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/105157 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.couchbase.com/resources/security#SecurityAlerts | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2018/Aug/49 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105157 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/resources/security#SecurityAlerts |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1071394-7446-4CA8-9D88-2E6A8D396413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server exposed the \u0027/diag/eval\u0027 endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have \u0027Full Admin\u0027 role assigned could send arbitrary Erlang code to the \u0027diag/eval\u0027 endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2"
},
{
"lang": "es",
"value": "Couchbase Server expuso el punto final \u0027/ diag / eval\u0027 que por defecto est\u00e1 disponible en TCP / 8091 y / o TCP / 18091. Los usuarios autenticados que tienen asignada la funci\u00f3n \u0027Administrador total\u0027 pueden enviar c\u00f3digo arbitrario de Erlang al punto final \u0027diag / eval\u0027 de la API y el c\u00f3digo se ejecutar\u00e1 posteriormente en el sistema operativo subyacente con privilegios del usuario que se utiliz\u00f3 para iniciar Couchbase. Afecta a la versi\u00f3n: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Versi\u00f3n de reparaci\u00f3n: 6.0.0, 5.5.2"
}
],
"id": "CVE-2018-15728",
"lastModified": "2024-11-21T03:51:21.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-24T19:29:02.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105157"
},
{
"source": "cve@mitre.org",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:08
Severity ?
Summary
Couchbase Server before 7.1.0 has Incorrect Access Control.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.couchbase.com/alerts | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7B0597-EE31-4704-817D-DC8AF64C86FF",
"versionEndExcluding": "7.1.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 7.1.0 has Incorrect Access Control."
},
{
"lang": "es",
"value": "Couchbase Server versiones anteriores a 7.1.0, presenta un Control de Acceso Incorrecto"
}
],
"id": "CVE-2021-33504",
"lastModified": "2024-11-21T06:08:58.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T14:15:28.673",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-06 21:15
Modified
2024-11-21 07:48
Severity ?
Summary
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * | |
| couchbase | couchbase_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939CBEC4-4642-4DDB-9C77-C8DCA22852A0",
"versionEndExcluding": "6.6.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4AA8BF-9C42-46FB-8160-D622C9F2903C",
"versionEndExcluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E7D08F-4022-4766-9C45-B45A0A7EAC15",
"versionEndExcluding": "7.1.2",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor."
},
{
"lang": "es",
"value": "Couchbase Server anterior a 6.6.6, 7.x anterior a 7.0.5 y 7.1.x anterior a 7.1.2 exponen informaci\u00f3n confidencial a un actor no autorizado."
}
],
"id": "CVE-2023-25016",
"lastModified": "2024-11-21T07:48:56.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-06T21:15:09.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-08 21:15
Modified
2024-11-21 08:27
Severity ?
Summary
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| couchbase | couchbase_server | 7.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Couchbase Server 7.2.0. Hay una fuga de clave privada en debug.log al agregar un nodo anterior a 7.0 a un cl\u00faster 7.2."
}
],
"id": "CVE-2023-45875",
"lastModified": "2024-11-21T08:27:32.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-08T21:15:08.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
cve-2019-11467
Vulnerability from cvelistv5
Published
2019-09-10 17:21
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, \u003c, \u003e, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T18:53:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, \u003c, \u003e, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11467",
"datePublished": "2019-09-10T17:21:50",
"dateReserved": "2019-04-22T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32560
Vulnerability from cvelistv5
Published
2022-06-13 20:45
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T20:45:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32560",
"datePublished": "2022-06-13T20:45:40",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37842
Vulnerability from cvelistv5
Published
2021-11-02 11:39
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T11:39:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37842",
"datePublished": "2021-11-02T11:39:24",
"dateReserved": "2021-08-02T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35943
Vulnerability from cvelistv5
Published
2021-09-29 19:17
Modified
2024-08-04 00:40
Severity ?
EPSS score ?
Summary
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T19:17:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35943",
"datePublished": "2021-09-29T19:17:10",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:40:47.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34826
Vulnerability from cvelistv5
Published
2022-07-15 11:29
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T11:29:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34826",
"datePublished": "2022-07-15T11:29:46",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11496
Vulnerability from cvelistv5
Published
2019-09-10 17:26
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions of Couchbase Server prior to 5.0, the bucket named \"default\" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including \"default\" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the \"default\" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T17:13:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions of Couchbase Server prior to 5.0, the bucket named \"default\" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including \"default\" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the \"default\" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11496",
"datePublished": "2019-09-10T17:26:15",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11495
Vulnerability from cvelistv5
Published
2019-09-10 17:16
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T19:10:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11495",
"datePublished": "2019-09-10T17:16:29",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25645
Vulnerability from cvelistv5
Published
2021-05-10 12:59
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_CONFIRM | |
| https://www.couchbase.com/downloads | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/downloads"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-10T12:59:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/downloads"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-25645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "CONFIRM",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"name": "https://www.couchbase.com/downloads",
"refsource": "MISC",
"url": "https://www.couchbase.com/downloads"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-25645",
"datePublished": "2021-05-10T12:59:28",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28470
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.couchbase.com/tags/security"
},
{
"url": "https://www.couchbase.com/downloads"
},
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28470",
"datePublished": "2023-03-23T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T12:38:25.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25643
Vulnerability from cvelistv5
Published
2021-05-26 20:09
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T20:09:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-25643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-25643",
"datePublished": "2021-05-26T20:09:11",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42763
Vulnerability from cvelistv5
Published
2021-11-02 11:46
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the \"@\" user credentials of the node processing the UI request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T11:46:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the \"@\" user credentials of the node processing the UI request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42763",
"datePublished": "2021-11-02T11:46:24",
"dateReserved": "2021-10-20T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25644
Vulnerability from cvelistv5
Published
2021-05-19 18:50
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC | |
| https://www.couchbase.com/downloads | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/downloads"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T18:50:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/downloads"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-25644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"name": "https://www.couchbase.com/downloads",
"refsource": "MISC",
"url": "https://www.couchbase.com/downloads"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-25644",
"datePublished": "2021-05-19T18:50:52",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0519
Vulnerability from cvelistv5
Published
2024-01-16 21:14
Modified
2024-08-01 18:11
Severity ?
EPSS score ?
Summary
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chrome",
"vendor": "google",
"versions": [
{
"lessThan": "120.0.6099.224",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-17",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0519",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T20:18:46.152236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:25.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-17T00:00:00+00:00",
"value": "CVE-2024-0519 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1517354"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "120.0.6099.224",
"status": "affected",
"version": "120.0.6099.224",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds memory access",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:14:49.601Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html"
},
{
"url": "https://crbug.com/1517354"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0519",
"datePublished": "2024-01-16T21:14:49.601Z",
"dateReserved": "2024-01-12T22:48:07.982Z",
"dateUpdated": "2024-08-01T18:11:35.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32558
Vulnerability from cvelistv5
Published
2022-06-13 20:45
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T20:45:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32558",
"datePublished": "2022-06-13T20:45:46",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42951
Vulnerability from cvelistv5
Published
2023-02-06 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.couchbase.com/tags/security"
},
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42951",
"datePublished": "2023-02-06T00:00:00",
"dateReserved": "2022-10-15T00:00:00",
"dateUpdated": "2024-08-03T13:19:05.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11497
Vulnerability from cvelistv5
Published
2019-09-10 17:24
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T18:33:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11497",
"datePublished": "2019-09-10T17:24:04",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9039
Vulnerability from cvelistv5
Published
2020-02-22 01:30
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:20:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "CONFIRM",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9039",
"datePublished": "2020-02-22T01:30:33",
"dateReserved": "2020-02-17T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33173
Vulnerability from cvelistv5
Published
2022-07-11 12:20
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T12:20:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33173",
"datePublished": "2022-07-11T12:20:42",
"dateReserved": "2022-06-13T00:00:00",
"dateUpdated": "2024-08-03T08:01:20.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32559
Vulnerability from cvelistv5
Published
2022-06-14 16:38
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T16:38:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32559",
"datePublished": "2022-06-14T16:38:32",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11464
Vulnerability from cvelistv5
Published
2019-09-10 16:38
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T18:44:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11464",
"datePublished": "2019-09-10T16:38:19",
"dateReserved": "2019-04-22T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50782
Vulnerability from cvelistv5
Published
2024-02-05 20:45
Modified
2024-11-25 10:24
Severity ?
EPSS score ?
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-50782 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 3.2 ≤ |
||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"name": "RHBZ#2254432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/pyca/cryptography",
"defaultStatus": "unaffected",
"packageName": "python-cryptography",
"versions": [
{
"lessThan": "42.0.0",
"status": "affected",
"version": "3.2",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "python-cryptography",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "python-cryptography",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "python39:3.9/python-cryptography",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "python-cryptography",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "python-cryptography",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "python-cryptography",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhui:4::el8"
],
"defaultStatus": "affected",
"packageName": "python-cryptography",
"product": "Red Hat Update Infrastructure 4 for Cloud Providers",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Hubert Kario (Red Hat)."
}
],
"datePublic": "2023-12-13T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T10:24:46.647Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"name": "RHBZ#2254432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-13T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-13T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-327-\u003eCWE-385-\u003eCWE-208: Use of a Broken or Risky Cryptographic Algorithm leads to Covert Timing Channel leads to Observable Timing Discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-50782",
"datePublished": "2024-02-05T20:45:49.705Z",
"dateReserved": "2023-12-13T20:44:02.023Z",
"dateUpdated": "2024-11-25T10:24:46.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42950
Vulnerability from cvelistv5
Published
2023-02-06 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.couchbase.com/tags/security"
},
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42950",
"datePublished": "2023-02-06T00:00:00",
"dateReserved": "2022-10-15T00:00:00",
"dateUpdated": "2024-08-03T13:19:05.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2033
Vulnerability from cvelistv5
Published
2023-04-14 18:10
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1432210"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5390"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "112.0.5615.121",
"status": "affected",
"version": "112.0.5615.121",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T18:10:15.157Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html"
},
{
"url": "https://crbug.com/1432210"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5390"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/"
},
{
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-2033",
"datePublished": "2023-04-14T18:10:15.157Z",
"dateReserved": "2023-04-13T23:35:02.218Z",
"dateUpdated": "2024-08-02T06:12:19.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32557
Vulnerability from cvelistv5
Published
2022-06-14 16:38
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T16:38:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32557",
"datePublished": "2022-06-14T16:38:25",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9041
Vulnerability from cvelistv5
Published
2020-06-08 15:21
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don\u0027t more aggressively terminate slow connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-08T15:21:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don\u0027t more aggressively terminate slow connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "CONFIRM",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9041",
"datePublished": "2020-06-08T15:21:37",
"dateReserved": "2020-02-17T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24719
Vulnerability from cvelistv5
Published
2020-11-12 20:31
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#VulnerabilityReporting | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#VulnerabilityReporting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka \"magic cookie\"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-12T20:36:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.couchbase.com/resources/security#VulnerabilityReporting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka \"magic cookie\"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#VulnerabilityReporting",
"refsource": "CONFIRM",
"url": "https://www.couchbase.com/resources/security#VulnerabilityReporting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24719",
"datePublished": "2020-11-12T20:31:47",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36667
Vulnerability from cvelistv5
Published
2023-11-08 00:00
Modified
2024-09-04 19:01
Severity ?
EPSS score ?
Summary
Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:53.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-36667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:01:38.853457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:01:42.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T21:29:30.518694",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36667",
"datePublished": "2023-11-08T00:00:00",
"dateReserved": "2023-06-25T00:00:00",
"dateUpdated": "2024-09-04T19:01:42.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33911
Vulnerability from cvelistv5
Published
2022-07-11 12:20
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T12:20:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33911",
"datePublished": "2022-07-11T12:20:54",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15728
Vulnerability from cvelistv5
Published
2018-08-24 19:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2018/Aug/49 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/105157 | vdb-entry, x_refsource_BID | |
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180823 Couchbase Server - Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"name": "105157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server exposed the \u0027/diag/eval\u0027 endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have \u0027Full Admin\u0027 role assigned could send arbitrary Erlang code to the \u0027diag/eval\u0027 endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T18:24:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180823 Couchbase Server - Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"name": "105157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server exposed the \u0027/diag/eval\u0027 endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have \u0027Full Admin\u0027 role assigned could send arbitrary Erlang code to the \u0027diag/eval\u0027 endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180823 Couchbase Server - Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"name": "105157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105157"
},
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15728",
"datePublished": "2018-08-24T19:00:00",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27925
Vulnerability from cvelistv5
Published
2021-05-19 18:57
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC | |
| https://www.couchbase.com/downloads | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/downloads"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T18:57:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/downloads"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"name": "https://www.couchbase.com/downloads",
"refsource": "MISC",
"url": "https://www.couchbase.com/downloads"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27925",
"datePublished": "2021-05-19T18:57:30",
"dateReserved": "2021-03-03T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31158
Vulnerability from cvelistv5
Published
2021-05-19 18:37
Modified
2024-08-03 22:48
Severity ?
EPSS score ?
Summary
In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:48:14.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user\u0027s permissions, allowing read-access to resources beyond what those users were explicitly allowed to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T18:37:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user\u0027s permissions, allowing read-access to resources beyond what those users were explicitly allowed to access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31158",
"datePublished": "2021-05-19T18:37:15",
"dateReserved": "2021-04-14T00:00:00",
"dateUpdated": "2024-08-03T22:48:14.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11466
Vulnerability from cvelistv5
Published
2019-09-10 17:02
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T19:05:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11466",
"datePublished": "2019-09-10T17:02:30",
"dateReserved": "2019-04-22T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32565
Vulnerability from cvelistv5
Published
2022-06-13 22:15
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T22:15:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32565",
"datePublished": "2022-06-13T22:15:23",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25673
Vulnerability from cvelistv5
Published
2024-09-19 00:00
Modified
2024-09-19 19:00
Severity ?
EPSS score ?
Summary
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T19:00:42.800358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:00:50.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:43:10.878587",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.couchbase.com/tags/security"
},
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25673",
"datePublished": "2024-09-19T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-09-19T19:00:50.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9042
Vulnerability from cvelistv5
Published
2020-06-08 15:21
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-08T15:21:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "CONFIRM",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9042",
"datePublished": "2020-06-08T15:21:22",
"dateReserved": "2020-02-17T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32561
Vulnerability from cvelistv5
Published
2022-06-14 16:38
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T16:38:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32561",
"datePublished": "2022-06-14T16:38:13",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:44.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32556
Vulnerability from cvelistv5
Published
2022-07-21 11:26
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-21T11:26:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32556",
"datePublished": "2022-07-21T11:26:59",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32564
Vulnerability from cvelistv5
Published
2022-06-13 20:45
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T20:45:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32564",
"datePublished": "2022-06-13T20:45:34",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11465
Vulnerability from cvelistv5
Published
2019-09-10 16:55
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:39.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached \"connections\" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T16:55:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached \"connections\" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11465",
"datePublished": "2019-09-10T16:55:49",
"dateReserved": "2019-04-22T00:00:00",
"dateUpdated": "2024-08-04T22:55:39.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25016
Vulnerability from cvelistv5
Published
2023-02-06 00:00
Modified
2024-08-02 11:11
Severity ?
EPSS score ?
Summary
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.couchbase.com/tags/security"
},
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25016",
"datePublished": "2023-02-06T00:00:00",
"dateReserved": "2023-02-02T00:00:00",
"dateUpdated": "2024-08-02T11:11:43.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27924
Vulnerability from cvelistv5
Published
2021-05-19 19:01
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | x_refsource_MISC | |
| https://www.couchbase.com/downloads | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/downloads"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T19:01:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/downloads"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.couchbase.com/resources/security#SecurityAlerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/resources/security#SecurityAlerts"
},
{
"name": "https://www.couchbase.com/downloads",
"refsource": "MISC",
"url": "https://www.couchbase.com/downloads"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27924",
"datePublished": "2021-05-19T19:01:24",
"dateReserved": "2021-03-03T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32192
Vulnerability from cvelistv5
Published
2022-06-13 22:15
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T22:15:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32192",
"datePublished": "2022-06-13T22:15:07",
"dateReserved": "2022-06-01T00:00:00",
"dateUpdated": "2024-08-03T07:32:56.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32562
Vulnerability from cvelistv5
Published
2022-06-13 22:15
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forums.couchbase.com/tags/security | x_refsource_MISC | |
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T22:15:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.couchbase.com/tags/security",
"refsource": "MISC",
"url": "https://forums.couchbase.com/tags/security"
},
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32562",
"datePublished": "2022-06-13T22:15:15",
"dateReserved": "2022-06-08T00:00:00",
"dateUpdated": "2024-08-03T07:46:43.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3079
Vulnerability from cvelistv5
Published
2023-06-05 21:40
Modified
2025-01-08 17:31
Severity ?
EPSS score ?
Summary
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1450481"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5420"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-3079",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:30:24.502921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-3079"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:31:08.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "114.0.5735.110",
"status": "affected",
"version": "114.0.5735.110",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T21:40:06.622Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1450481"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5420"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html"
},
{
"url": "http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-3079",
"datePublished": "2023-06-05T21:40:06.622Z",
"dateReserved": "2023-06-02T21:29:44.556Z",
"dateUpdated": "2025-01-08T17:31:08.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37034
Vulnerability from cvelistv5
Published
2024-07-26 00:00
Modified
2024-08-02 03:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.couchbase.com/alerts/ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T17:06:59.477019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T17:07:14.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T21:24:41.121637",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37034",
"datePublished": "2024-07-26T00:00:00",
"dateReserved": "2024-05-31T00:00:00",
"dateUpdated": "2024-08-02T03:43:50.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32193
Vulnerability from cvelistv5
Published
2022-06-13 20:45
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T20:45:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32193",
"datePublished": "2022-06-13T20:45:55",
"dateReserved": "2022-06-01T00:00:00",
"dateUpdated": "2024-08-03T07:32:56.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35944
Vulnerability from cvelistv5
Published
2021-09-29 19:26
Modified
2024-08-04 00:40
Severity ?
EPSS score ?
Summary
Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T19:26:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35944",
"datePublished": "2021-09-29T19:26:33",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:40:47.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45875
Vulnerability from cvelistv5
Published
2023-11-08 00:00
Modified
2024-09-04 15:12
Severity ?
EPSS score ?
Summary
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.couchbase.com/tags/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:10:31.400021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:12:41.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T20:57:53.271286",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.couchbase.com/tags/security"
},
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"url": "https://www.couchbase.com/alerts/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45875",
"datePublished": "2023-11-08T00:00:00",
"dateReserved": "2023-10-15T00:00:00",
"dateUpdated": "2024-09-04T15:12:41.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33504
Vulnerability from cvelistv5
Published
2022-05-31 20:29
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
Couchbase Server before 7.1.0 has Incorrect Access Control.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 7.1.0 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T20:29:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server before 7.1.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33504",
"datePublished": "2022-05-31T20:29:03",
"dateReserved": "2021-05-21T00:00:00",
"dateUpdated": "2024-08-03T23:50:42.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35945
Vulnerability from cvelistv5
Published
2021-09-29 19:11
Modified
2024-08-04 00:47
Severity ?
EPSS score ?
Summary
Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.couchbase.com/server/current/release-notes/relnotes.html | x_refsource_MISC | |
| https://www.couchbase.com/alerts | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.couchbase.com/alerts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T19:30:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.couchbase.com/alerts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"name": "https://www.couchbase.com/alerts",
"refsource": "MISC",
"url": "https://www.couchbase.com/alerts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35945",
"datePublished": "2021-09-29T19:11:59",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:47:42.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}