Unrated severityNVD Advisory· Published Feb 6, 2023· Updated Mar 26, 2025

CVE-2022-42951

Description

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.

Affected products

Couchbase/Couchbase Servercpe-rescue

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.couchbase.com/server/current/release-notes/relnotes.htmlmitre
forums.couchbase.com/tags/securitymitre
www.couchbase.com/alerts/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000