CVE-2021-27924
https://notcve.org/view.php?id=CVE-2021-27924
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires. Se detectó un problema en Couchbase Server versiones 6.x hasta 6.6.1. La Interfaz de Usuario de Couchbase Server está registrando cookies de sesión de forma no segura en los registros. • https://www.couchbase.com/downloads https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-25644
https://notcve.org/view.php?id=CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x hasta 6.6.1 y versión 7.0.0 Beta. Unos comandos incorrectos de la API REST puede resultar que la información de autenticación filtrada sea almacenada en texto sin cifrar en los archivos debug.log e info.log, y también sea mostrado en la Interfaz de Usuario visible para unos administradores • https://www.couchbase.com/downloads https://www.couchbase.com/resources/security#SecurityAlerts • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-25645
https://notcve.org/view.php?id=CVE-2021-25645
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past. Se detectó un problema en Couchbase Server versiones anteriores a 6.0.5, 6.1.x hasta versiones 6.5.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.1. Un usuario interno con privilegios de administrador, @ns_server, filtra las credenciales en texto sin cifrar en los archivos cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log y stats.log. • https://www.couchbase.com/downloads https://www.couchbase.com/resources/security#SecurityAlerts • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-9041
https://notcve.org/view.php?id=CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. En Couchbase Server versión 6.0.3 y Couchbase Sync Gateway versiones hasta 2.7.0, los endpoints de administración del Clúster, vistas, consultas y búsqueda de texto completo son vulnerables al ataque de denegación de servicio de Slowloris porque no terminan más agresivamente las conexiones lentas • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-404: Improper Resource Shutdown or Release •