Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25016
Couchbase Server prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
Couchbase Couchbase Server
4.3
CVSSv2
CVE-2021-27924
An issue exists in Couchbase Server 6.x up to and including 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
Couchbase Couchbase Server
10
CVSSv2
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use t...
Couchbase Couchbase Server
9
CVSSv2
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
5
CVSSv2
CVE-2022-33911
An issue exists in Couchbase Server 7.x prior to 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
Couchbase Couchbase Server
7.5
CVSSv2
CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x up to and including 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
Couchbase Couchbase Server
NA
CVE-2023-28470
In Couchbase Server 5 through 7 prior to 7.1.4, the nsstats endpoint is accessible without authentication.
Couchbase Couchbase Server
2.1
CVSSv2
CVE-2021-25645
An issue exists in Couchbase Server prior to 6.0.5, 6.1.x up to and including 6.5.x prior to 6.5.2, and 6.6.x prior to 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.l...
Couchbase Couchbase Server
NA
CVE-2022-32556
An issue exists in Couchbase Server prior to 7.0.4. A private key is leaked to the log files with certain crashes.
Couchbase Couchbase Server
5
CVSSv2
CVE-2022-32557
An issue exists in Couchbase Server prior to 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
Couchbase Couchbase Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »