Couchbase Server@6.0.0 Security Vulnerabilities and Issues — Couchbase Server@6.0.0 CVE List

Lucene search

CouchbaseCouchbase Server6.0.0

3 matches found

CVE•added 2019/09/10 6:15 p.m.•82 views

CVE-2019-11466

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.

5.3CVSS5.3AI score0.00311EPSS

CVE•added 2019/09/10 5:15 p.m.•55 views

CVE-2019-11465

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even i...

5.3CVSS5.3AI score0.00363EPSS

CVE•added 2020/06/08 4:15 p.m.•28 views

CVE-2020-9042

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.

8.8CVSS8.6AI score0.0021EPSS