Vulmon
couchbase couchbase server vulnerabilities and exploits
5
CVSSv2
CVE-2022-32564
An issue exists in Couchbase Server prior to 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
Couchbase Couchbase Server
6.8
CVSSv2
CVE-2022-32563
An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client cert...
Couchbase Sync Gateway
1 Github repository
4
CVSSv2
CVE-2021-33504
Couchbase Server prior to 7.1.0 has Incorrect Access Control.
Couchbase Couchbase Server
2.1
CVSSv2
CVE-2022-31022
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s ow...
Couchbase Bleve
5.5
CVSSv2
CVE-2021-43963
An issue exists in Couchbase Sync Gateway 2.7.0 up to and including 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these crede...
Couchbase Sync Gateway
5
CVSSv2
CVE-2021-42763
Couchbase Server prior to 6.6.3 and 7.x prior to 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header include...
Couchbase Couchbase Server
Couchbase Couchbase Server 7.0.0
Couchbase Couchbase Server 7.0.1
5
CVSSv2
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a...
Couchbase Couchbase Server 7.0.0
Couchbase Couchbase Server 7.0.1
7.5
CVSSv2
CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x up to and including 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
Couchbase Couchbase Server
5
CVSSv2
CVE-2021-35944
Couchbase Server 6.5.x, 6.6.x up to and including 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
Couchbase Couchbase Server
Couchbase Couchbase Server 7.0.0
5
CVSSv2
CVE-2021-35945
Couchbase Server 6.5.x, 6.6.0 up to and including 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
Couchbase Couchbase Server
Couchbase Couchbase Server 7.0.0