Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45875
An issue exists in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
Couchbase Couchbase Server 7.2.0
NA
CVE-2022-34826
In Couchbase Server 7.1.x prior to 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.
Couchbase Couchbase Server 7.1.0
5
CVSSv2
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the rem...
Couchbase Couchbase Server 5.0.0
7.5
CVSSv2
CVE-2019-11495
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute c...
Couchbase Couchbase Server 5.1.1
5
CVSSv2
CVE-2020-9040
Couchbase Server Java SDK prior to 2.7.1.1 allows a potential malicious user to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component du...
Couchbase Couchbase Server Java Sdk
2.1
CVSSv2
CVE-2022-31022
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s ow...
Couchbase Bleve
6.8
CVSSv2
CVE-2022-32563
An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client cert...
Couchbase Sync Gateway
1 Github repository
5.5
CVSSv2
CVE-2021-43963
An issue exists in Couchbase Sync Gateway 2.7.0 up to and including 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these crede...
Couchbase Sync Gateway
5
CVSSv2
CVE-2022-26311
Couchbase Operator 2.2.x prior to 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.
Couchbase Cloud Native Operator
7.5
CVSSv2
CVE-2019-9039
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the ...
Couchbase Sync Gateway 2.1.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »