CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32192
https://notcve.org/view.php?id=CVE-2022-32192
13 Jun 2022 — Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase Server versiones 5.x hasta 7.x anteriores a 7.0.4, expone Información Confidencial a un Actor no Autorizado • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32560
https://notcve.org/view.php?id=CVE-2022-32560
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. XDCR carece de comprobación de roles cuando es cambiada la configuración interna • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32564
https://notcve.org/view.php?id=CVE-2022-32564
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. En couchbase-cli, server-eshell filtra la cookie de Cluster Manager • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33504
https://notcve.org/view.php?id=CVE-2021-33504
31 May 2022 — Couchbase Server before 7.1.0 has Incorrect Access Control. Couchbase Server versiones anteriores a 7.1.0, presenta un Control de Acceso Incorrecto • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42763
https://notcve.org/view.php?id=CVE-2021-42763
02 Nov 2021 — Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena información confidencial en texto sin cifrar. El problema se pro... • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35944
https://notcve.org/view.php?id=CVE-2021-35944
29 Sep 2021 — Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.x hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35943
https://notcve.org/view.php?id=CVE-2021-35943
29 Sep 2021 — Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. Couchbase Server versiones 6.5.x y 6.6.x hasta 6.6.2, presenta un Control de Acceso Incorrecto. No se impide a usuarios administrados externamente usar una contraseña vacía, según RFC4513 • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-35945
https://notcve.org/view.php?id=CVE-2021-35945
29 Sep 2021 — Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.0 hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25643
https://notcve.org/view.php?id=CVE-2021-25643
26 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.2. Los usuarios internos con privilegios de administrador, @cb... • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27924
https://notcve.org/view.php?id=CVE-2021-27924
19 May 2021 — An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires. Se detectó un problema en Couchbase Server versiones 6.x hasta 6.6.1. La Interfaz de Usuario de Couchbase Server está registrando cookies de sesión de forma no segura en los registros. • https://www.couchbase.com/downloads • CWE-319: Cleartext Transmission of Sensitive Information •