CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32557
https://notcve.org/view.php?id=CVE-2022-32557
14 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El servicio de índices no aplica la autenticación para los servidores TCP/TLS • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32561
https://notcve.org/view.php?id=CVE-2022-32561
14 Jun 2022 — An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. Se ha detectado un problema en Couchbase Server versiones anteriores a 6.6.5 y versiones 7.x anteriores a 7.0.4. Las mitigaciones anteriores para CVE-2018-15728 resultaron insuficientes cuando ha sido detectado que se podía seguir accediendo a los endpoints de diagnóstico... • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32192
https://notcve.org/view.php?id=CVE-2022-32192
13 Jun 2022 — Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase Server versiones 5.x hasta 7.x anteriores a 7.0.4, expone Información Confidencial a un Actor no Autorizado • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32193
https://notcve.org/view.php?id=CVE-2022-32193
13 Jun 2022 — Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase Server versiones 6.6.x hasta 7.x anteriores a 7.0.4, expone información confidencial a un actor no autorizado • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32558
https://notcve.org/view.php?id=CVE-2022-32558
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. La carga de cubos de muestra puede filtrar las contraseñas de usuarios internos durante un fallo • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32560
https://notcve.org/view.php?id=CVE-2022-32560
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. XDCR carece de comprobación de roles cuando es cambiada la configuración interna • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32564
https://notcve.org/view.php?id=CVE-2022-32564
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. En couchbase-cli, server-eshell filtra la cookie de Cluster Manager • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33504
https://notcve.org/view.php?id=CVE-2021-33504
31 May 2022 — Couchbase Server before 7.1.0 has Incorrect Access Control. Couchbase Server versiones anteriores a 7.1.0, presenta un Control de Acceso Incorrecto • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42763
https://notcve.org/view.php?id=CVE-2021-42763
02 Nov 2021 — Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena información confidencial en texto sin cifrar. El problema se pro... • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35944
https://notcve.org/view.php?id=CVE-2021-35944
29 Sep 2021 — Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.x hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •