CVE-2019-11497
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.
En Couchbase Server versión 5.0.0, cuando se ingresó un Certificado de clúster remoto no válido como parte de la creación de referencia, XDCR no analizó ni verificó la firma del certificado. Luego aceptó el certificado no válido e intentó usarlo para establecer conexiones futuras al clúster remoto. Esto se ha solucionado en la versión 5.5.0. XDCR ahora verifica la validez del certificado a fondo y evita que se cree una referencia de clúster remoto con un certificado no válido.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-04-23 CVE Reserved
- 2019-09-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.couchbase.com/resources/security#SecurityAlerts | 2019-09-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Couchbase Search vendor "Couchbase" | Couchbase Server Search vendor "Couchbase" for product "Couchbase Server" | 5.0.0 Search vendor "Couchbase" for product "Couchbase Server" and version "5.0.0" | - |
Affected
| ||||||