VYPR

Couchbase Server

by Couchbase

CVEs (45)

  • CVE-2022-32557HigJun 14, 2022
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.

  • CVE-2022-32565HigJun 13, 2022
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.

  • CVE-2022-32192HigJun 13, 2022
    risk 0.49cvss 7.5epss 0.01

    Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

  • CVE-2022-32560HigJun 13, 2022
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.

  • CVE-2022-32558HigJun 13, 2022
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.

  • CVE-2021-37842HigNov 2, 2021
    risk 0.49cvss 7.5epss 0.01

    metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has…

  • CVE-2021-25644HigMay 19, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to…

  • CVE-2020-9041HigJun 8, 2020
    risk 0.49cvss 7.5epss 0.01

    In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.

  • CVE-2019-11497HigSep 10, 2019
    risk 0.49cvss 7.5epss 0.01

    In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the…

  • CVE-2024-56178MedJan 27, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.

  • CVE-2023-45873MedFeb 28, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer.

  • CVE-2022-32193MedJun 13, 2022
    risk 0.42cvss 6.5epss 0.01

    Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

  • CVE-2021-31158MedMay 19, 2021
    risk 0.42cvss 6.5epss 0.01

    In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.

  • CVE-2023-43769MedFeb 29, 2024
    risk 0.41cvss 6.3epss 0.00

    An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics.

  • CVE-2024-25673MedSep 19, 2024
    risk 0.40cvss 6.1epss 0.00

    Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.

  • CVE-2019-11464MedSep 10, 2019
    risk 0.40cvss 6.1epss 0.01

    Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for…

  • CVE-2022-34826MedJul 15, 2022
    risk 0.38cvss 5.9epss 0.01

    In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.

  • CVE-2021-27924MedMay 19, 2021
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.

  • CVE-2023-49932MedFeb 29, 2024
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.

  • CVE-2022-33911MedJul 12, 2022
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.