CVE-2019-11496
 
Descriptions
In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets, including "default", was changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.
SSVC
- Decision: -
Timeline
- 2019-04-23 CVE Reserved
- 2019-09-10 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
References (1)
URL | Date | SRC |
---|---|---|
https://www.couchbase.com/resources/security#SecurityAlerts | 2020-08-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Couchbase | Couchbase Server | <= 5.0.0 | - | Affected |