CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33911
https://notcve.org/view.php?id=CVE-2022-33911
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. Se ha detectado un problema en Couchbase Server versiones 7.x anteriores a 7.0.4. Los nombres de los campos no están redactados en los mensajes de comprobación registrados para el servicio de análisis. • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33173
https://notcve.org/view.php?id=CVE-2022-33173
An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. Se ha detectado un problema de degradación de algoritmos en Couchbase Server versiones anteriores a 7.0.4. Analytics Remote Links puede degradar temporalmente a una conexión no TLS para determinar el número de puerto TLS, usando SCRAM-SHA en su lugar • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32559
https://notcve.org/view.php?id=CVE-2022-32559
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Las peticiones HTTP aleatorias conllevan a una filtración de métricas • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32557
https://notcve.org/view.php?id=CVE-2022-32557
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El servicio de índices no aplica la autenticación para los servidores TCP/TLS • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32561
https://notcve.org/view.php?id=CVE-2022-32561
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. Se ha detectado un problema en Couchbase Server versiones anteriores a 6.6.5 y versiones 7.x anteriores a 7.0.4. Las mitigaciones anteriores para CVE-2018-15728 resultaron insuficientes cuando ha sido detectado que se podía seguir accediendo a los endpoints de diagnóstico desde la red • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts •