3 matches found
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes a system diagnostic profile via an HTTP endpoint that does not require credentials, on a port earmarked for internal traffic only. This has been remedied in version 6.0.1, where the endpoint now requires valid credentials to access.
CVE-2019-11467
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, , it caused a buffer overrun, as the encoded string would be much larger than accounted for, causing the indexer service to crash and restart. Thi...
CVE-2019-11464
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable; however, some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-...