Couchbase Server -

CPE Details

Couchbase Server -
couchbase
couchbase_server
-
2019-09-11
15h33 +00:00
2019-09-11
15h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:couchbase:couchbase_server:-:*:*:*:*:*:*:*

Informations

Vendor

couchbase

Product

couchbase_server

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23302 2024-02-27 23h00 +00:00 Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
7.5
High
CVE-2024-0519 2024-01-16 21h14 +00:00 Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
High
CVE-2023-3079 2023-06-05 21h40 +00:00 Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
High
CVE-2023-2033 2023-04-14 18h10 +00:00 Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
High
CVE-2022-32564 2022-06-13 18h45 +00:00 An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
7.5
High
CVE-2021-42763 2021-11-02 10h46 +00:00 Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.
7.5
High
CVE-2021-25645 2021-05-10 10h59 +00:00 An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
4.4
Medium
CVE-2019-11496 2019-09-10 15h26 +00:00 In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.
9.1
Critical
CVE-2018-15728 2018-08-24 17h00 +00:00 Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the underlying operating system with privileges of the user which was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2
8.8
High