Lucene search
K
CouchbaseCouchbase Server

63 matches found

CVE
CVE
added 2024/02/28 12:0 a.m.5626 views

CVE-2023-50436

CVE-2023-50436 affects Couchbase Server prior to 7.2.4. The issue leaks admin credentials (ns_server) encoded in diag.log, with earliest affected version 7.1.5. Connected sources confirm the vulnerability is limited to 7.1.5–7.2.3 and that upgrading to 7.2.4 or later resolves the vulnerability. T...

5.3CVSS6.8AI score0.00237EPSS
CVE
CVE
added 2023/04/14 6:10 p.m.1197 views

CVE-2023-2033

CVE-2023-2033: A type confusion in Google's V8 engine used by Chromium-based browsers allowed remote heap corruption via crafted HTML. The vulnerability affected Google Chrome/Chromium up to version 112.0.5615.121 and was fixed in the 112.0.5615.121 release (M112 Stable Update). Chrome’s advisory...

8.8CVSS8.9AI score0.40798EPSS
In wild
CVE
CVE
added 2023/06/05 9:40 p.m.836 views

CVE-2023-3079

Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...

8.8CVSS8.6AI score0.32724EPSS
In wild
CVE
CVE
added 2024/02/05 8:45 p.m.524 views

CVE-2023-50782

CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...

7.5CVSS7.2AI score0.02454EPSS
CVE
CVE
added 2024/01/16 9:14 p.m.411 views

CVE-2024-0519

CVE-2024-0519 is a Google Chrome/V8 vulnerability: an out-of-bounds memory access in V8 allows potential heap corruption via a crafted HTML page. Affected products include Chrome before version 120.0.6099.224; the Chromium/Chrome Stable Channel update to 120.0.6099.224 (Linux and Mac) and 120.0.6...

8.8CVSS8.5AI score0.03769EPSS
In wild
CVE
CVE
added 2020/02/22 1:30 a.m.149 views

CVE-2020-9039

CVE-2020-9039 affects Couchbase Server versions 4.0.0, 4.1.0/4.1.1, 4.5.0/4.5.1, 4.6.0–4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1. The issue is insecure permissions on the projector and indexer REST endpoints, allowing unauthenticated access to administrative APIs via the /settings endpoint. The vulner...

9.8CVSS9.3AI score0.03842EPSS
CVE
CVE
added 2019/09/10 5:26 p.m.101 views

CVE-2019-11496

CVE-2019-11496 affects Couchbase Server. Prior to 5.0, the special default bucket allowed read/write access without authentication; in 5.0, behavior was tightened for all buckets, but a flaw allowed unauthenticated/unauthorized access to the default bucket when its properties were edited. The iss...

9.1CVSS8.8AI score0.0141EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.101 views

CVE-2023-49931

Couchbase Server prior to 7.2.4 is affected by an issue where SQL++ cURL calls to the /diag/eval API endpoint are not sufficiently restricted. The CVE entry indicates potential high-impact exposure affecting confidentiality, integrity, and availability. The common remediation across sources is up...

9.8CVSS6.7AI score0.0091EPSS
CVE
CVE
added 2019/09/10 5:2 p.m.96 views

CVE-2019-11466

In Couchbase Server 6.0.0/5.5.0, the Eventing service exposed an unauthenticated HTTP endpoint for the system diagnostic profile on an internal-traffic port; this was remedied in 6.0.1 and now requires valid credentials.

5.3CVSS5.3AI score0.01106EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.96 views

CVE-2023-45874

CVE-2023-45874 affects Couchbase Server up to version 7.2.2. The issue is caused by a data reader that may cause a denial of service, leading to an outage of reader threads. The CVSS base score is 4.3 (Medium) with network attack vector and low privileges required. No exploitation details are pro...

4.3CVSS6.7AI score0.00755EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.96 views

CVE-2023-49932

CVE-2023-49932 affects Couchbase Server versions prior to 7.2.4. The vulnerability allows bypassing SQL++ N1QL cURL host restrictions. The available docs do not provide exploitation details; remediation is upgrading to 7.2.4+ or applying vendor guidance per release notes. CVSS 3.1 base score 5.4 ...

5.4CVSS6.8AI score0.0053EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.91 views

CVE-2023-49930

CVE-2023-49930 affects Couchbase Server versions before 7.2.4. The issue is that cURL calls to the "/diag/eval" API endpoint are not sufficiently restricted, enabling access that could impact confidentiality, integrity, and availability. The vulnerability is described with a high severity (CVSS v...

9.8CVSS6.7AI score0.00902EPSS
CVE
CVE
added 2019/09/10 5:24 p.m.90 views

CVE-2019-11497

CVE-2019-11497 affects Couchbase Server 5.0.0, where during reference creation XDCR accepted an invalid Remote Cluster Certificate due to not validating the certificate signature. The issue allowed the system to proceed with establishing connections to a remote cluster using the invalid cert. The...

7.5CVSS7.5AI score0.00664EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.90 views

CVE-2023-43769

CVE-2023-43769 affects Couchbase Server up to 7.1.4 (before 7.1.5) and before 7.2.1. The issue is that unauthenticated RMI service ports are exposed in Analytics, enabling potential unauthorized access. The available sources consistently identify Analytics as the exposed interface and indicate th...

6.3CVSS6.8AI score0.00441EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.89 views

CVE-2024-23302

CVE-2024-23302 affects Couchbase Server prior to version 7.2.4, where a private key leak occurs in the goxdcr.log. The available sources confirm the issue and the affected product/version, but do not provide exploit details or specific remediation steps beyond the exposure described. No root-caus...

7.5CVSS6.7AI score0.00748EPSS
CVE
CVE
added 2022/06/13 10:15 p.m.88 views

CVE-2022-32562

CVE-2022-32562_affects_Couchbase_Server_before_7.0.4. The issue allows operations to succeed on a collection using stale RBAC permissions, potentially enabling unauthorized access or actions despite RBAC settings. Public sources (NVD, Red Hat, CVE records) consistently describe the vulnerability ...

8.8CVSS8.5AI score0.00914EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.87 views

CVE-2023-45873

CVE-2023-45873 affects Couchbase Server versions through 7.2.2. The issue is triggered when a data reader reads large volumes of documents, potentially triggering the OS out-of-memory killer and causing the application to terminate (denial of service). The Red Hat and NVD records reiterate the sa...

6.5CVSS6.7AI score0.00663EPSS
CVE
CVE
added 2019/09/10 5:16 p.m.85 views

CVE-2019-11495

CVE-2019-11495 affects Couchbase Server 5.1.1 where the intra-node cookie was not generated securely because erlang:now() seeds the PRNG, creating a small space of random seeds that could allow brute-forcing the cookie and executing code on a remote system. Reports across sources confirm this vul...

9.8CVSS9.4AI score0.02139EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.85 views

CVE-2023-50437

CVE-2023-50437 affects Couchbase Server prior to 7.2.4. The issue involves otpCookie being shown with full admin on endpoints /pools/default/serverGroups and engageCluster2, indicating overly permissive admin exposure. Root cause is not explicitly detailed beyond the admin-level OTP cookie handli...

8.6CVSS6.8AI score0.00683EPSS
Web
CVE
CVE
added 2019/09/10 5:21 p.m.84 views

CVE-2019-11467

CVE-2019-11467 affects Couchbase Server 4.6.3 and 5.5.0 where the secondary indexing path encodes entries with collatejson. When index entries contained characters such as tab, , the encoded string could exceed expectations and trigger a buffer overrun, causing the indexer service to crash and re...

7.8CVSS7.5AI score0.01344EPSS
CVE
CVE
added 2024/02/28 12:0 a.m.83 views

CVE-2023-49338

CVE-2023-49338 affects Couchbase Server versions 7.1.x through 7.2.3 (before 7.2.4). The vulnerability arises from endpoints /admin/stats and /admin/vitals on localhost TCP port 8093 not requiring authentication, enabling potential unauthorized access to sensitive operational data. The cited CVSS...

7.5CVSS7.1AI score0.00604EPSS
CVE
CVE
added 2022/06/14 4:38 p.m.76 views

CVE-2022-32557

CVE-2022-32557 affects Couchbase Server versions prior to 7.0.4, where the Index Service does not enforce authentication for TCP/TLS servers. This creates potential unauthorized access from the network (attack vector: network, low attack complexity). The CVSS details indicate a high impact on int...

7.5CVSS7.7AI score0.01058EPSS
CVE
CVE
added 2022/06/13 8:45 p.m.75 views

CVE-2022-32560

CVE-2022-32560 affects Couchbase Server versions before 7.0.4. The root cause is XDCR lacking role checking when changing internal settings, potentially allowing unauthorized modification within XDCR configuration. Documented impact indicates potential integrity concerns (I: HIGH) with no confide...

7.5CVSS7.5AI score0.00957EPSS
CVE
CVE
added 2022/06/13 8:45 p.m.75 views

CVE-2022-32564

CVE-2022-32564 affects Couchbase Server prior to 7.0.4. The issue resides in couchbase-cli’s server-eshell, which leaks the Cluster Manager cookie, enabling information disclosure via command-line cookie exposure. Multiple connected sources (NVD/CNNVD/Red Hat/CVEs) describe the vulnerability as a...

7.5CVSS7.5AI score0.01094EPSS
CVE
CVE
added 2018/08/24 7:0 p.m.71 views

CVE-2018-15728

CVE-2018-15728 affects Couchbase Server where the REST/diag/eval endpoint (on TCP 8091 and/or 18091) could be accessed by authenticated Full Admin users to submit arbitrary Erlang code, which would execute on the underlying OS with the attacker's privileges. Affected versions include 4.0.0, 4.1.2...

9CVSS5.9AI score0.02918EPSS
CVE
CVE
added 2022/06/13 8:45 p.m.71 views

CVE-2022-32558

CVE-2022-32558 affects Couchbase Server prior to 7.0.4. The issue arises during sample bucket loading, where a failure may disclose internal user passwords. The connected sources reiterate this information disclosure vector and the impact (confidentiality of passwords) but do not provide explicit...

7.5CVSS7.4AI score0.0116EPSS
CVE
CVE
added 2022/06/13 10:15 p.m.71 views

CVE-2022-32565

CVE-2022-32565 affects Couchbase Server prior to 7.0.4. The Backup Service log discloses unredacted usernames and document IDs, constituting a log information disclosure vulnerability. Connected sources confirm the issue in Couchbase Server versions before 7.0.4 with the root cause described as a...

7.5CVSS7.5AI score0.01094EPSS
CVE
CVE
added 2019/09/10 4:55 p.m.70 views

CVE-2019-11465

CVE-2019-11465 affects Couchbase Server 5.5.x (up to 5.5.3) and 6.0.0. The Memcached "connections" stat block exposes a non-redacted username and system info from bug reports, potentially leaking user names. The issue is fixed in 5.5.4 and 6.0.1 by properly tagging usernames in logs and hashing t...

5.3CVSS5.3AI score0.01167EPSS
CVE
CVE
added 2021/05/19 6:37 p.m.70 views

CVE-2021-31158

The CVE affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1, where the Query Engine’s Common Table Expressions did not correctly enforce per-user permissions, allowing read access to resources beyond what a user is explicitly allowed. This impacts confidentiality (High) without integrity/availab...

6.5CVSS6.4AI score0.00704EPSS
CVE
CVE
added 2022/07/21 11:26 a.m.70 views

CVE-2022-32556

CVE-2022-32556 affects Couchbase Server before 7.0.4. During certain crashes, a private key is leaked to log files, exposing sensitive material and potentially impacting confidentiality. CVSSv3.1 base score is 7.5 (HIGH). The provided materials identify affected product/version and the root cause...

7.5CVSS7.4AI score0.00768EPSS
CVE
CVE
added 2022/06/13 8:45 p.m.69 views

CVE-2022-32193

CVE-2022-32193 affects Couchbase Server 6.6.x through 7.x, prior to version 7.0.4, where an information‑disclosure vulnerability exposes sensitive data to an unauthorized actor. The issue is rooted in the server stack described in public CVE summaries; confirmed references indicate an unauthorize...

6.5CVSS6.4AI score0.00691EPSS
CVE
CVE
added 2022/06/13 10:15 p.m.68 views

CVE-2022-32192

CVE-2022-32192 affects Couchbase Server 5.x through 7.x before 7.0.4 and results in exposure of sensitive information to an unauthorized actor. The connected documents consistently describe an information-disclosure vulnerability in Couchbase Server, but do not provide a concrete, publicly disclo...

7.5CVSS7.4AI score0.0088EPSS
CVE
CVE
added 2022/06/14 4:38 p.m.67 views

CVE-2022-32559

CVE-2022-32559 affects Couchbase Server prior to 7.0.4. The issue arises from handling random HTTP requests that can lead to leaked metrics, exposing potential information about the system. According to multiple connected sources, the vulnerability impacts Couchbase Server versions before 7.0.4, ...

9.1CVSS9AI score0.01249EPSS
CVE
CVE
added 2020/11/12 8:31 p.m.66 views

CVE-2020-24719

CVE-2020-24719 affects Erlang-based deployments where the Erlang cookie (shared secret) is exposed in logs, enabling an attacker to attach to a running Erlang node and execute OS commands. Root cause: the magic cookie is leaked through log content, allowing unauthorized remote access. Impact is h...

10CVSS9.6AI score0.23304EPSS
CVE
CVE
added 2022/05/31 8:29 p.m.66 views

CVE-2021-33504

CVE-2021-33504 affects Couchbase Server prior to 7.1.0, due to Incorrect Access Control/illegal authorization vulnerability. The connected Red Hat, CNVD, CNNVD, and PT-Security entries corroborate that versions before 7.1.0 are impacted and describe the issue as improper access control allowing m...

4.9CVSS5.2AI score0.00714EPSS
CVE
CVE
added 2021/05/19 7:1 p.m.64 views

CVE-2021-27924

CVE-2021-27924 affects Couchbase Server 6.x up to 6.6.1, where the UI insecurely logs session cookies in logs. This enables user impersonation if log files are obtained before the session cookie expires. Root cause: session cookies are logged unintentionally by the Couchbase Server UI. Impact: po...

5.9CVSS5.7AI score0.00549EPSS
CVE
CVE
added 2022/07/15 11:29 a.m.64 views

CVE-2022-34826

CVE-2022-34826 affects Couchbase Server 7.1.x prior to 7.1.1, where an encrypted Private Key passphrase may be leaked via logs. The issue can expose confidential data; CVSSv3.1 base score 5.9 (MEDIUM) with NETWORK attack vector, high confidentiality impact, no privileges or user interaction requi...

5.9CVSS5.7AI score0.00524EPSS
CVE
CVE
added 2019/09/10 4:38 p.m.63 views

CVE-2019-11464

CVE-2019-11464 affects Couchbase Server Views REST API (port 8092), where security headers were not included in versions 5.5.0 and 5.1.2. The issue is that headers such as X-Frame-Options, X-Content-Type-Options, X-Permitted-Cross-Domain-Policies, and X-XSS-Protection were missing in responses. T...

6.1CVSS6.2AI score0.00851EPSS
CVE
CVE
added 2021/05/26 8:9 p.m.63 views

CVE-2021-25643

CVE-2021-25643 affects Couchbase Server 5.x and 6.x prior to 6.5.2 and 6.6.x prior to 6.6.2. The issue enables internal administrator users (@cbq-engine-cbauth and @index-cbauth) to leak credentials in cleartext via the indexer.log when issuing /listCreateTokens, /listRebalanceTokens, or /listMet...

4.9CVSS5.1AI score0.00504EPSS
CVE
CVE
added 2024/07/26 12:0 a.m.63 views

CVE-2024-37034

CVE-2024-37034 affects Couchbase Server versions prior to 7.2.5 and 7.6.0 prior to 7.6.1. The issue is that credentials are not negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure, leading to potential information disclosure (Confid...

5.9CVSS7.2AI score0.00158EPSS
CVE
CVE
added 2022/06/14 4:38 p.m.61 views

CVE-2022-32561

CVE-2022-32561 maps to an issue in Couchbase Server previously tracked under CVE-2018-15728, where the /diag/eval diagnostic endpoint could be accessed by authenticated Full Admins and allowed execution of arbitrary Erlang code on the server. Affected versions for the root cause include Couchbase...

4.9CVSS6.7AI score0.00773EPSS
CVE
CVE
added 2024/09/19 12:0 a.m.61 views

CVE-2024-25673

CVE-2024-25673 affects Couchbase Server and enables HTTP Host header injection in affected branches: Couchbase Server 7.6.x prior to 7.6.2 and 7.2.x prior to 7.2.6 (and earlier versions). The vulnerability is due to improper handling of the Host header in HTTP requests. Observed impact per source...

6.1CVSS7.6AI score0.00318EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.59 views

CVE-2023-28470

CVE-2023-28470 affects Couchbase Server 5.x–7.x prior to 7.1.4. The nsstats endpoint can be accessed without authentication, representing an authentication bypass in the statistics endpoint. Supported details from multiple sources confirm affected versions and the fix: upgrade to 7.1.4 or later t...

5.3CVSS5.3AI score0.00629EPSS
CVE
CVE
added 2025/01/27 12:0 a.m.59 views

CVE-2024-56178

CVE-2024-56178 affects Couchbase Server 7.6.x up to 7.6.3. The issue arises from incorrect permission storage, allowing a user with the security_admin_local role to create a new user in a group that has the admin role. The consequence is privilege escalation within the Couchbase security model. N...

6.5CVSS6.9AI score0.00326EPSS
CVE
CVE
added 2022/07/11 12:20 p.m.58 views

CVE-2022-33911

CVE-2022-33911 affects Couchbase Server 7.x (prior to 7.0.4). The issue lies in the Analytics Service: field names are not redacted in logged validation messages, enabling an unauthorized actor to potentially obtain sensitive information. The connected documents confirm the vulnerability details ...

5.3CVSS5.1AI score0.00818EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.58 views

CVE-2023-25016

CVE-2023-25016 affects Couchbase Server: versions prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2. The issue exposes sensitive information to an unauthorized actor . The Red Hat advisory RH:CVE-2023-25016 corroborates the description. No root-cause or exploitation details are provide...

7.5CVSS7.5AI score0.00446EPSS
CVE
CVE
added 2025/04/30 12:0 a.m.58 views

CVE-2025-46619

CVE-2025-46619 affects Couchbase Server: versions prior to 7.6.4 are vulnerable; Windows specifically affected up to 7.2.7. The issue could allow unauthorized access to sensitive files (e.g., /etc/passwd, /etc/shadow) depending on privilege level. Fixed in v7.6.4 for general use and in v7.2.7 for...

7.6CVSS6.9AI score0.00432EPSS
CVE
CVE
added 2021/05/19 6:57 p.m.57 views

CVE-2021-27925

Affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1. The vulnerability arises in the View Engine when Auditing is enabled; a race-condition can cause an internal administrator user (@ns_server) to have credentials leaked in cleartext in the ns_server.info.log. The connected Red Hat and NVD entri...

4.4CVSS4.7AI score0.00529EPSS
CVE
CVE
added 2021/05/19 6:50 p.m.54 views

CVE-2021-25644

CVE-2021-25644 affects Couchbase Server 5.x and 6.x up to 6.6.1 and 7.0.0 Beta. The issue arises from incorrect commands to the REST API, causing authentication information to be leaked in plaintext in debug.log and info.log files and also shown in the UI accessible to administrators. The provide...

7.5CVSS7.6AI score0.00638EPSS
CVE
CVE
added 2021/09/29 7:17 p.m.54 views

CVE-2021-35943

CVE-2021-35943 affects Couchbase Server 6.5.x and 6.6.x through 6.6.2. Root cause: Incorrect Access Control that allows externally managed users to authenticate with an empty password (RFC4513). Impact per the CVE indicates potential unauthorized access with high confidentiality/integrity/availab...

9.8CVSS9.4AI score0.01027EPSS
Total number of security vulnerabilities63