CVE-2022-32563

Published: 10/06/2022 Updated: 17/06/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate-based authentication with username and password authentication inside the bootstrap configuration.

Vulnerable Product

couchbase sync gateway

Github Repositories

Scanner Vulnerability - Port Scanner - Architecture Scanner

Robust Scanner - Tool for scanner (2 versions: API and desktop). Alert: Know what you do; pentesting needs to be legal, responsibility depends on you.

usage: robustScanpy [-h] -d DOMAIN [-pro {tcp,udp,