CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32560
https://notcve.org/view.php?id=CVE-2022-32560
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. XDCR carece de comprobación de roles cuando es cambiada la configuración interna • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32564
https://notcve.org/view.php?id=CVE-2022-32564
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. En couchbase-cli, server-eshell filtra la cookie de Cluster Manager • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33504
https://notcve.org/view.php?id=CVE-2021-33504
Couchbase Server before 7.1.0 has Incorrect Access Control. Couchbase Server versiones anteriores a 7.1.0, presenta un Control de Acceso Incorrecto • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://www.couchbase.com/alerts •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42763
https://notcve.org/view.php?id=CVE-2021-42763
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena información confidencial en texto sin cifrar. El problema se produce cuando el administrador de clústeres reenvía una petición HTTP desde la UI pluggable (query workbench, etc.) al servicio específico. • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://www.couchbase.com/alerts • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35944
https://notcve.org/view.php?id=CVE-2021-35944
Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.x hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://www.couchbase.com/alerts • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •