Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase server vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-32561
An issue exists in Couchbase Server prior to 6.6.5 and 7.x prior to 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it exists that diagnostic endpoints could still be accessed from the network.
Couchbase Couchbase Server
6.5
CVSSv2
CVE-2022-32562
An issue exists in Couchbase Server prior to 7.0.4. Operations may succeed on a collection using stale RBAC permission.
Couchbase Couchbase Server
5
CVSSv2
CVE-2022-32564
An issue exists in Couchbase Server prior to 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
Couchbase Couchbase Server
5
CVSSv2
CVE-2022-32565
An issue exists in Couchbase Server prior to 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
Couchbase Couchbase Server
NA
CVE-2023-28470
In Couchbase Server 5 through 7 prior to 7.1.4, the nsstats endpoint is accessible without authentication.
Couchbase Couchbase Server
6.4
CVSSv2
CVE-2019-11496
In versions of Couchbase Server before 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenti...
Couchbase Couchbase Server
4.3
CVSSv2
CVE-2021-27924
An issue exists in Couchbase Server 6.x up to and including 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
Couchbase Couchbase Server
7.5
CVSSv2
CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x up to and including 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
Couchbase Couchbase Server
NA
CVE-2022-42951
An issue exists in Couchbase Server 6.5.x and 6.6.x prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can conne...
Couchbase Couchbase Server
4
CVSSv2
CVE-2021-33504
Couchbase Server prior to 7.1.0 has Incorrect Access Control.
Couchbase Couchbase Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »