
CVE-2022-32564
https://notcve.org/view.php?id=CVE-2022-32564
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. • https://docs.couchbase.com/server/current/release-notes/relnotes.html

CVE-2021-33504
https://notcve.org/view.php?id=CVE-2021-33504
31 May 2022 — Couchbase Server before 7.1.0 has Incorrect Access Control. • https://docs.couchbase.com/server/current/release-notes/relnotes.html

CVE-2021-42763
https://notcve.org/view.php?id=CVE-2021-42763
02 Nov 2021 — Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards an HTTP request from the pluggable UI (query workbench, etc.) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request has the "@" user credentials of the node processing the UI request. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-312: Cleartext Storage of Sensitive Information

CVE-2021-35945
https://notcve.org/view.php?id=CVE-2021-35945
29 Sep 2021 — Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-25643
https://notcve.org/view.php?id=CVE-2021-25643
26 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information

CVE-2021-25644
https://notcve.org/view.php?id=CVE-2021-25644
19 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and also being shown in the UI visible to administrators. • https://www.couchbase.com/downloads • CWE-312: Cleartext Storage of Sensitive Information

CVE-2021-25645
https://notcve.org/view.php?id=CVE-2021-25645
10 May 2021 — An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past. • https://www.couchbase.com/downloads • CWE-312: Cleartext Storage of Sensitive Information

CVE-2020-9039
https://notcve.org/view.php?id=CVE-2020-9039
22 Feb 2020 — Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administ... • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-276: Incorrect Default Permissions

CVE-2019-11466
https://notcve.org/view.php?id=CVE-2019-11466
10 Sep 2019 — In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes a system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-306: Missing Authentication for Critical Function

CVE-2019-11465
https://notcve.org/view.php?id=CVE-2019-11465
10 Sep 2019 — An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-532: Insertion of Sensitive Information into Log File