CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35943
https://notcve.org/view.php?id=CVE-2021-35943
29 Sep 2021 — Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. Couchbase Server versiones 6.5.x y 6.6.x hasta 6.6.2, presenta un Control de Acceso Incorrecto. No se impide a usuarios administrados externamente usar una contraseña vacía, según RFC4513 • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-35945
https://notcve.org/view.php?id=CVE-2021-35945
29 Sep 2021 — Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.0 hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25643
https://notcve.org/view.php?id=CVE-2021-25643
26 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.2. Los usuarios internos con privilegios de administrador, @cb... • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27924
https://notcve.org/view.php?id=CVE-2021-27924
19 May 2021 — An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires. Se detectó un problema en Couchbase Server versiones 6.x hasta 6.6.1. La Interfaz de Usuario de Couchbase Server está registrando cookies de sesión de forma no segura en los registros. • https://www.couchbase.com/downloads • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27925
https://notcve.org/view.php?id=CVE-2021-27925
19 May 2021 — An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file. Se detectó un problema en Couchbase Server versiones 6.5.x y versiones 6.6.x hasta 6.6.1. Cuando está habilitado el uso de View Engine y Auditing, una condición de bloqueo puede (depen... • https://www.couchbase.com/downloads • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25644
https://notcve.org/view.php?id=CVE-2021-25644
19 May 2021 — An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x hasta 6.6.1 y versión 7.0.0 Beta. Unos comandos incorrectos de la API REST puede resultar que la información de autenticación filtrada sea almacena... • https://www.couchbase.com/downloads • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31158
https://notcve.org/view.php?id=CVE-2021-31158
19 May 2021 — In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. En el Motor de Consulta en Couchbase Server versiones 6.5.x y versiones 6.6.x hasta 6.6.1, las consultas de Common Table Expression no comprobaban correctamente los permisos del usuario, permitiendo un acceso de lectura a recursos más allá de lo que esos usuarios ... • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-863: Incorrect Authorization •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25645
https://notcve.org/view.php?id=CVE-2021-25645
10 May 2021 — An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past. Se detectó un problema en Couchbase Server versiones anteriores a 6.0.5, 6.1.x hasta versiones 6.5.x anteriores a 6.5.2 y vers... • https://www.couchbase.com/downloads • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 0CVE-2020-24719
https://notcve.org/view.php?id=CVE-2020-24719
12 Nov 2020 — Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. • https://www.couchbase.com/resources/security#VulnerabilityReporting • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •