CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35943
https://notcve.org/view.php?id=CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. Couchbase Server versiones 6.5.x y 6.6.x hasta 6.6.2, presenta un Control de Acceso Incorrecto. No se impide a usuarios administrados externamente usar una contraseña vacía, según RFC4513 • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://www.couchbase.com/alerts • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-35945
https://notcve.org/view.php?id=CVE-2021-35945
Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. Couchbase Server versiones 6.5.x, 6.6.0 hasta 6.6.2, y 7.0.0, presenta un desbordamiento del búfer. Un paquete de red especialmente diseñado enviado por un atacante puede bloquear memcached • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://www.couchbase.com/alerts • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25643
https://notcve.org/view.php?id=CVE-2021-25643
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. Se detectó un problema en Couchbase Server versiones 5.x y versiones 6.x anteriores a 6.5.2 y versiones 6.6.x anteriores a 6.6.2. Los usuarios internos con privilegios de administrador, @cbq-engine-cbauth y @index-cbauth, filtran credenciales en texto sin cifrar del archivo indexer.log cuando realizan una llamada /listCreateTokens, /listRebalanceTokens o /listMetadataTokens • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27924
https://notcve.org/view.php?id=CVE-2021-27924
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires. Se detectó un problema en Couchbase Server versiones 6.x hasta 6.6.1. La Interfaz de Usuario de Couchbase Server está registrando cookies de sesión de forma no segura en los registros. • https://www.couchbase.com/downloads https://www.couchbase.com/resources/security#SecurityAlerts • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27925
https://notcve.org/view.php?id=CVE-2021-27925
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file. Se detectó un problema en Couchbase Server versiones 6.5.x y versiones 6.6.x hasta 6.6.1. Cuando está habilitado el uso de View Engine y Auditing, una condición de bloqueo puede (dependiendo de una condición de carrera) causar a un usuario interno con privilegios de administrador, @ns_server, tener sus credenciales filtradas en texto sin cifrar en el archivo ns_server.info.log • https://www.couchbase.com/downloads https://www.couchbase.com/resources/security#SecurityAlerts • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •