Lucene search
K

628 matches found

OSV
OSV
added 2021/05/19 7:15 p.m.4 views

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

7.5CVSS7.1AI score0.00638EPSS
Exploits0References2
Prion
Prion
added 2021/05/19 7:15 p.m.12 views

Race condition

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...

3.5CVSS4.7AI score0.00529EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/05/19 7:15 p.m.21 views

Authentication flaw

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

5CVSS7.6AI score0.00638EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/05/19 7:15 p.m.21 views

Design/Logic Flaw

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

4CVSS6.5AI score0.00704EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/19 7:1 p.m.12 views

CVE-2021-27924

An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires...

6AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2021/05/19 7:1 p.m.64 views

CVE-2021-27924

CVE-2021-27924 affects Couchbase Server 6.x up to 6.6.1, where the UI insecurely logs session cookies in logs. This enables user impersonation if log files are obtained before the session cookie expires. Root cause: session cookies are logged unintentionally by the Couchbase Server UI. Impact: po...

5.9CVSS5.7AI score0.00549EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/19 6:57 p.m.57 views

CVE-2021-27925

Affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1. The vulnerability arises in the View Engine when Auditing is enabled; a race-condition can cause an internal administrator user (@ns_server) to have credentials leaked in cleartext in the ns_server.info.log. The connected Red Hat and NVD entri...

4.4CVSS4.7AI score0.00529EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/19 6:57 p.m.18 views

CVE-2021-27925

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...

5AI score0.00529EPSS
Exploits0References2
CVE
CVE
added 2021/05/19 6:50 p.m.54 views

CVE-2021-25644

CVE-2021-25644 affects Couchbase Server 5.x and 6.x up to 6.6.1 and 7.0.0 Beta. The issue arises from incorrect commands to the REST API, causing authentication information to be leaked in plaintext in debug.log and info.log files and also shown in the UI accessible to administrators. The provide...

7.5CVSS7.6AI score0.00638EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/19 6:50 p.m.15 views

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

7.8AI score0.00638EPSS
Exploits0References2
CVE
CVE
added 2021/05/19 6:37 p.m.70 views

CVE-2021-31158

The CVE affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1, where the Query Engine’s Common Table Expressions did not correctly enforce per-user permissions, allowing read access to resources beyond what a user is explicitly allowed. This impacts confidentiality (High) without integrity/availab...

6.5CVSS6.4AI score0.00704EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/19 6:37 p.m.21 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

6.7AI score0.00704EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.2 views

Couchbase Server 竞争条件问题漏洞

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a crash condition...

4.4CVSS5.2AI score0.00529EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.3 views

Couchbase Server 安全漏洞

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta, which stems from a fault...

7.5CVSS7.3AI score0.00638EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.3 views

Couchbase Server 安全漏洞

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a...

6.5CVSS6.5AI score0.00704EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/19 12:0 a.m.3 views

Couchbase Server 安全漏洞

Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase , which mainly supports data query , full-text search and active global replication and other functions . A security vulnerability exists in the Couchbase Server UI that stems from insecure...

5.9CVSS5.7AI score0.00549EPSS
Exploits0References2
CNVD
CNVD
added 2021/05/12 12:0 a.m.7 views

Unspecified Vulnerability in Couchbase Server

Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase , which mainly supports data query , full-text search and active global replication and other functions . Couchbase Server has a security vulnerability that can be exploited by an attacker ...

4.4CVSS6.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2021/05/10 1:15 p.m.4 views

CVE-2021-25645

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @nsserver, leaks credentials in cleartext in the cbcollectinfo.log, debug.log, nscouchdb.log, indexer.log, and stats.log files. NOTE:...

4.4CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2021/05/10 1:15 p.m.14 views

CVE-2021-25645

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @nsserver, leaks credentials in cleartext in the cbcollectinfo.log, debug.log, nscouchdb.log, indexer.log, and stats.log files. NOTE:...

4.4CVSS0.00171EPSS
Exploits0References2
Prion
Prion
added 2021/05/10 1:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @nsserver, leaks credentials in cleartext in the cbcollectinfo.log, debug.log, nscouchdb.log, indexer.log, and stats.log files. NOTE:...

2.1CVSS4.9AI score0.00171EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder