CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32564
https://notcve.org/view.php?id=CVE-2022-32564
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. En couchbase-cli, server-eshell filtra la cookie de Cluster Manager • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33504
https://notcve.org/view.php?id=CVE-2021-33504
31 May 2022 — Couchbase Server before 7.1.0 has Incorrect Access Control. Couchbase Server versiones anteriores a 7.1.0, presenta un Control de Acceso Incorrecto • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42763
https://notcve.org/view.php?id=CVE-2021-42763
02 Nov 2021 — Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena información confidencial en texto sin cifrar. El problema se pro... • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-35945
https://notcve.org/view.php?id=CVE-2021-35945
29 Sep 2021 — Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.0 hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25643
https://notcve.org/view.php?id=CVE-2021-25643
26 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.2. Los usuarios internos con privilegios de administrador, @cb... • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27924
https://notcve.org/view.php?id=CVE-2021-27924
19 May 2021 — An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires. Se detectó un problema en Couchbase Server versiones 6.x hasta 6.6.1. La Interfaz de Usuario de Couchbase Server está registrando cookies de sesión de forma no segura en los registros. • https://www.couchbase.com/downloads • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25644
https://notcve.org/view.php?id=CVE-2021-25644
19 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x hasta 6.6.1 y versión 7.0.0 Beta. Unos comandos incorrectos de la API REST puede resultar que la información de autenticación filtrada sea almacena... • https://www.couchbase.com/downloads • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25645
https://notcve.org/view.php?id=CVE-2021-25645
10 May 2021 — An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past. Se detectó un problema en Couchbase Server versiones anteriores a 6.0.5, 6.1.x hasta versiones 6.5.x anteriores a 6.5.2 y vers... • https://www.couchbase.com/downloads • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9042
https://notcve.org/view.php?id=CVE-2020-9042
08 Jun 2020 — In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. En Couchbase Server versión 6.0, las credenciales almacenadas en memoria caché por un navegador pueden ser usadas para llevar a cabo un ataque de tipo CSRF si un administrador ha usado su navegador para comprobar los resultados de una petición de la API REST • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11466
https://notcve.org/view.php?id=CVE-2019-11466
10 Sep 2019 — In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access. En Couchbase Server versiones 6.0.0 y 5.5.0, el servicio de eventos expone el perfil de diagnóstico del sistema a través de un punto final HTTP que no requiere credenciales en un puerto destinado solo para tráfico interno. Esto se s... • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-306: Missing Authentication for Critical Function •