Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase server vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-32559
An issue exists in Couchbase Server prior to 7.0.4. Random HTTP requests lead to leaked metrics.
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32560
An issue exists in Couchbase Server prior to 7.0.4. XDCR lacks role checking when changing internal settings.
Couchbase Couchbase Server
4.9
CVSSv3
CVE-2022-32561
An issue exists in Couchbase Server prior to 6.6.5 and 7.x prior to 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it exists that diagnostic endpoints could still be accessed from the network.
Couchbase Couchbase Server
8.8
CVSSv3
CVE-2022-32562
An issue exists in Couchbase Server prior to 7.0.4. Operations may succeed on a collection using stale RBAC permission.
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32564
An issue exists in Couchbase Server prior to 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32565
An issue exists in Couchbase Server prior to 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-33173
An algorithm-downgrade issue exists in Couchbase Server prior to 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.
Couchbase Couchbase Server
4.9
CVSSv3
CVE-2021-25643
An issue exists in Couchbase Server 5.x and 6.x prior to 6.5.2 and 6.6.x prior to 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTok...
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway up to and including 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Couchbase Couchbase Server 6.0.3
Couchbase Sync Gateway
7.5
CVSSv3
CVE-2023-45875
An issue exists in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
Couchbase Couchbase Server 7.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »