Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase sync gateway vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-32563
An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client cert...
Couchbase Sync Gateway
1 Github repository
9.8
CVSSv3
CVE-2019-9039
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the ...
Couchbase Sync Gateway 2.1.2
8.1
CVSSv3
CVE-2021-43963
An issue exists in Couchbase Sync Gateway 2.7.0 up to and including 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these crede...
Couchbase Sync Gateway
7.5
CVSSv3
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway up to and including 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Couchbase Couchbase Server 6.0.3
Couchbase Sync Gateway
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started