CVE-2020-9040
CVE-2020-9040 affects Couchbase Server Java SDK prior to 2.7.1.1. The root cause is missing hostname verification in the SDK’s Netty-based TLS handling, allowing an attacker to forge a cryptographically valid certificate and impersonate the peer. Impact is authentication failure to verify peer id...