
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they do not terminate slow connections aggressively enough. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-404: Improper Resource Shutdown or Release

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-276: Incorrect Default Permissions

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets, including "default", was changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-306: Missing Authentication for Critical Function

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate. • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-295: Improper Certificate Validation