
CVE-2025-52490
https://notcve.org/view.php?id=CVE-2025-52490
29 Jul 2025 — An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-319: Cleartext Transmission of Sensitive Information

CVE-2024-25673
https://notcve.org/view.php?id=CVE-2024-25673
19 Sep 2024 — Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2024-37034
https://notcve.org/view.php?id=CVE-2024-37034
26 Jul 2024 — An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. • https://www.couchbase.com/alerts • CWE-326: Inadequate Encryption Strength

CVE-2023-43768
https://notcve.org/view.php?id=CVE-2023-43768
27 Mar 2024 — An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-49338
https://notcve.org/view.php?id=CVE-2023-49338
28 Feb 2024 — Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-276: Incorrect Default Permissions

CVE-2023-49931
https://notcve.org/view.php?id=CVE-2023-49931
28 Feb 2024 — An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-284: Improper Access Control

CVE-2023-50437
https://notcve.org/view.php?id=CVE-2023-50437
28 Feb 2024 — An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-266: Incorrect Privilege Assignment

CVE-2024-23302
https://notcve.org/view.php?id=CVE-2024-23302
28 Feb 2024 — Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-45875
https://notcve.org/view.php?id=CVE-2023-45875
08 Nov 2023 — An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-36667
https://notcve.org/view.php?id=CVE-2023-36667
08 Nov 2023 — Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')