Lucene search
+L

37 matches found

OSV
OSV
added 2022/06/10 12:15 p.m.5 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS5.8AI score0.00763EPSS
Exploits0References2
OSV
OSV
added 2022/06/10 12:15 p.m.62 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS3.1AI score0.00763EPSS
Exploits0References3
Prion
Prion
added 2022/06/10 12:15 p.m.23 views

Design/Logic Flaw

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

6.8CVSS9.7AI score0.00763EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/10 11:57 a.m.41 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

10AI score0.00763EPSS
Exploits0References2
CVE
CVE
added 2022/06/10 11:57 a.m.414 views

CVE-2022-32563

CVE-2022-32563 affects Couchbase Sync Gateway 3.x before 3.0.2. When configured to authenticate to Couchbase Server with X.509 client certificates, the gateway does not verify admin credentials supplied to the Admin REST API, allowing privilege escalation for unauthenticated users. The issue does...

9.8CVSS9.8AI score0.00763EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.41 views

Couchbase Sync Gateway 信任管理问题漏洞

Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in the Couchbase Sync Gateway version 3.x, prior to version 3.0.2, which stems from the fact that administrator credentials are not validated...

9.8CVSS8.2AI score0.00763EPSS
Exploits0References3
NVD
NVD
added 2021/12/07 10:15 p.m.27 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

8.1CVSS0.00501EPSS
Exploits0References1
OSV
OSV
added 2021/12/07 10:15 p.m.5 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

8.1CVSS7.3AI score0.00501EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/07 10:15 p.m.3 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

8.1CVSS7.3AI score0.00501EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/12/07 9:5 p.m.26 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

7.9AI score0.00501EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.6 views

Couchbase Sync Gateway信息泄露漏洞

Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in Couchbase Sync Gateway 2.7.0 through 2.8.2, which stems from the fact that the bucket credentials used to read and write data in Couchbase...

8.1CVSS7.7AI score0.00501EPSS
Exploits0References2
CNVD
CNVD
added 2020/06/09 12:0 a.m.9 views

Couchbase Sync Gateway and Couchbase Server Denial of Service Vulnerabilities

Couchbase Sync Gateway and Couchbase Server are both products of Couchbase Inc. Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web.Couchbase Server is a distributed open source Couchbase Server is a distributed open-source NoSQL non-relational...

7.5CVSS6.7AI score0.01276EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/04 12:0 a.m.5 views

Couchbase Sync Gateway SQL Injection Vulnerability

Couchbase Sync Gateway is a secure Web gateway for data access and data synchronization over the Web from Couchbase Inc. in the United States. A SQL injection vulnerability exists in the REST API in Couchbase Sync Gateway version 2.1.2 Couchbase Server. An attacker could exploit the vulnerability...

9.8CVSS7.9AI score0.02741EPSS
Exploits1References1
NVD
NVD
added 2019/06/26 7:15 p.m.15 views

CVE-2019-9039

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...

9.8CVSS9.5AI score0.02741EPSS
Exploits1References3
Prion
Prion
added 2019/06/26 7:15 p.m.14 views

Design/Logic Flaw

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...

7.5CVSS9.4AI score0.02741EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/06/26 6:55 p.m.60 views

CVE-2019-9039

The CVE-2019-9039 issue affects Couchbase Sync Gateway 2.1.2, where an attacker with access to the public REST API could inject additional N1QL statements via the startkey/endkey parameters on the _all_docs endpoint. The underlying vulnerability is a N1QL injection that could disclose sensitive d...

9.8CVSS9.5AI score0.02741EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/26 6:55 p.m.18 views

CVE-2019-9039

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...

9.6AI score0.02741EPSS
Exploits1References3
Rows per page
Query Builder