628 matches found
CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
Race condition
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...
Authentication flaw
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
Design/Logic Flaw
In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...
CVE-2021-27924
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires...
CVE-2021-27924
CVE-2021-27924 affects Couchbase Server 6.x up to 6.6.1, where the UI insecurely logs session cookies in logs. This enables user impersonation if log files are obtained before the session cookie expires. Root cause: session cookies are logged unintentionally by the Couchbase Server UI. Impact: po...
CVE-2021-27925
Affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1. The vulnerability arises in the View Engine when Auditing is enabled; a race-condition can cause an internal administrator user (@ns_server) to have credentials leaked in cleartext in the ns_server.info.log. The connected Red Hat and NVD entri...
CVE-2021-27925
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...
CVE-2021-25644
CVE-2021-25644 affects Couchbase Server 5.x and 6.x up to 6.6.1 and 7.0.0 Beta. The issue arises from incorrect commands to the REST API, causing authentication information to be leaked in plaintext in debug.log and info.log files and also shown in the UI accessible to administrators. The provide...
CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
CVE-2021-31158
The CVE affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1, where the Query Engine’s Common Table Expressions did not correctly enforce per-user permissions, allowing read access to resources beyond what a user is explicitly allowed. This impacts confidentiality (High) without integrity/availab...
CVE-2021-31158
In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...
Couchbase Server 竞争条件问题漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a crash condition...
Couchbase Server 安全漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta, which stems from a fault...
Couchbase Server 安全漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a...
Couchbase Server 安全漏洞
Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase , which mainly supports data query , full-text search and active global replication and other functions . A security vulnerability exists in the Couchbase Server UI that stems from insecure...
Unspecified Vulnerability in Couchbase Server
Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase , which mainly supports data query , full-text search and active global replication and other functions . Couchbase Server has a security vulnerability that can be exploited by an attacker ...
CVE-2021-25645
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @nsserver, leaks credentials in cleartext in the cbcollectinfo.log, debug.log, nscouchdb.log, indexer.log, and stats.log files. NOTE:...
CVE-2021-25645
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @nsserver, leaks credentials in cleartext in the cbcollectinfo.log, debug.log, nscouchdb.log, indexer.log, and stats.log files. NOTE:...
Design/Logic Flaw
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @nsserver, leaks credentials in cleartext in the cbcollectinfo.log, debug.log, nscouchdb.log, indexer.log, and stats.log files. NOTE:...