NotCVE - vendor:"Couchbase" product:"Sync Gateway" version:" <= 2.7.0"

3 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-43963

https://notcve.org/view.php?id=CVE-2021-43963

07 Dec 2021 — An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)... • https://www.couchbase.com/alerts • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-9041

https://notcve.org/view.php?id=CVE-2020-9041

08 Jun 2020 — In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. En Couchbase Server versión 6.0.3 y Couchbase Sync Gateway versiones hasta 2.7.0, los endpoints de administración del Clúster, vistas, consultas y búsqueda de texto completo son vulnerables al ataque de denegación de servicio de Slowloris porque no term... • https://www.couchbase.com/resources/security#SecurityAlerts • CWE-404: Improper Resource Shutdown or Release •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-9039

https://notcve.org/view.php?id=CVE-2019-9039

26 Jun 2019 — In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external acc... • https://docs.couchbase.com/sync-gateway/2.5/release-notes.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •