CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32557
https://notcve.org/view.php?id=CVE-2022-32557
14 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El servicio de índices no aplica la autenticación para los servidores TCP/TLS • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32561
https://notcve.org/view.php?id=CVE-2022-32561
14 Jun 2022 — An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. Se ha detectado un problema en Couchbase Server versiones anteriores a 6.6.5 y versiones 7.x anteriores a 7.0.4. Las mitigaciones anteriores para CVE-2018-15728 resultaron insuficientes cuando ha sido detectado que se podía seguir accediendo a los endpoints de diagnóstico... • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32565
https://notcve.org/view.php?id=CVE-2022-32565
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El registro del servicio de copia de seguridad filtra nombres de usuario e identificadores de documentos no redactados • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32562
https://notcve.org/view.php?id=CVE-2022-32562
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Las operaciones pueden tener éxito en una colección usando un permiso RBAC antiguo • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32192
https://notcve.org/view.php?id=CVE-2022-32192
13 Jun 2022 — Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase Server versiones 5.x hasta 7.x anteriores a 7.0.4, expone Información Confidencial a un Actor no Autorizado • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32193
https://notcve.org/view.php?id=CVE-2022-32193
13 Jun 2022 — Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase Server versiones 6.6.x hasta 7.x anteriores a 7.0.4, expone información confidencial a un actor no autorizado • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32558
https://notcve.org/view.php?id=CVE-2022-32558
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. La carga de cubos de muestra puede filtrar las contraseñas de usuarios internos durante un fallo • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32560
https://notcve.org/view.php?id=CVE-2022-32560
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. XDCR carece de comprobación de roles cuando es cambiada la configuración interna • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32564
https://notcve.org/view.php?id=CVE-2022-32564
13 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. En couchbase-cli, server-eshell filtra la cookie de Cluster Manager • https://docs.couchbase.com/server/current/release-notes/relnotes.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32563
https://notcve.org/view.php?id=CVE-2022-32563
10 Jun 2022 — An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certi... • https://forums.couchbase.com/tags/security • CWE-295: Improper Certificate Validation •