Couchbase Server Security Vulnerabilities and Issues — Couchbase Server CVE List

Lucene search

CouchbaseCouchbase Server

7 matches found

CVE•added 2024/02/29 1:41 a.m.•78 views

CVE-2023-43769

An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics.

6.3CVSS6.8AI score0.00129EPSS

CVE•added 2024/02/28 10:15 p.m.•75 views

CVE-2023-45873

An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer.

6.5CVSS6.7AI score0.00294EPSS

CVE•added 2021/05/19 7:15 p.m.•56 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.

6.5CVSS6.4AI score0.00158EPSS

CVE•added 2022/06/13 9:15 p.m.•56 views

CVE-2022-32193

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

6.5CVSS6.4AI score0.00353EPSS

CVE•added 2019/09/10 5:15 p.m.•52 views

CVE-2019-11464

Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-...

6.1CVSS6.2AI score0.00371EPSS

CVE•added 2024/09/19 7:15 p.m.•49 views

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.

6.1CVSS7.6AI score0.00227EPSS

CVE•added 2025/01/27 11:15 p.m.•44 views

CVE-2024-56178

An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.

6.5CVSS6.9AI score0.00051EPSS