16 matches found
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...
EUVD-2019-3170
Malware in sbrugna...
EUVD-2022-35627
Malicious code in bioql PyPI...
CVE-2022-32560
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings...
CVE-2022-32560
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings...
Code injection
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings...
CVE-2022-32560
CVE-2022-32560 affects Couchbase Server versions before 7.0.4. The root cause is XDCR lacking role checking when changing internal settings, potentially allowing unauthorized modification within XDCR configuration. Documented impact indicates potential integrity concerns (I: HIGH) with no confide...
CVE-2022-32560
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
Design/Logic Flaw
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2021-37842
CVE-2021-37842 affects Couchbase Server 7.0.0 (metakv). The issue arises from using cleartext storage of sensitive information, enabling potential leakage of Remote Cluster XDCR credentials in debug logs when a config key being logged has an attached tombstone purge timestamp. The Connected docum...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...
Privilege escalation
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...
CVE-2019-11497
CVE-2019-11497 affects Couchbase Server 5.0.0, where during reference creation XDCR accepted an invalid Remote Cluster Certificate due to not validating the certificate signature. The issue allowed the system to proceed with establishing connections to a remote cluster using the invalid cert. The...
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...