Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase sync gateway vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway up to and including 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Couchbase Couchbase Server 6.0.3
Couchbase Sync Gateway
6.8
CVSSv2
CVE-2022-32563
An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client cert...
Couchbase Sync Gateway
1 Github repository
5.5
CVSSv2
CVE-2021-43963
An issue exists in Couchbase Sync Gateway 2.7.0 up to and including 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these crede...
Couchbase Sync Gateway
7.5
CVSSv2
CVE-2019-9039
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the ...
Couchbase Sync Gateway 2.1.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started