Couchbase / Couchbase Server

15 matches found

added 2024/02/29 1:42 a.m. | 5612 views

CVE-2023-50436

An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.

5.3 CVSS | 6.8 AI score | 0.00106 EPSS

added 2024/02/05 9:15 p.m. | 397 views

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

7.5 CVSS | 7.2 AI score | 0.00726 EPSS

added 2024/01/16 10:15 p.m. | 323 views

CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 CVSS | 8.5 AI score | 0.00226 EPSS

added 2024/02/29 1:41 a.m. | 88 views

CVE-2023-49931

An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.

9.8 CVSS | 6.7 AI score | 0.00627 EPSS

added 2024/02/29 1:41 a.m. | 83 views

CVE-2023-45874

An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).

4.3 CVSS | 6.7 AI score | 0.00222 EPSS

added 2024/02/29 1:41 a.m. | 83 views

CVE-2023-49932

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.

5.4 CVSS | 6.8 AI score | 0.0052 EPSS

added 2024/02/29 1:44 a.m. | 80 views

CVE-2024-23302

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.

7.5 CVSS | 6.7 AI score | 0.0061 EPSS

added 2024/02/29 1:41 a.m. | 78 views

CVE-2023-43769

An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. Unauthenticated RMI service ports are exposed in Analytics.

6.3 CVSS | 6.8 AI score | 0.00129 EPSS

added 2024/02/29 1:41 a.m. | 77 views

CVE-2023-49930

An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.

9.8 CVSS | 6.7 AI score | 0.0048 EPSS

added 2024/02/28 10:15 p.m. | 75 views

CVE-2023-45873

An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exit) because of the OOM killer.

6.5 CVSS | 6.7 AI score | 0.00294 EPSS

added 2024/02/29 1:42 a.m. | 73 views

CVE-2023-50437

An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.

8.6 CVSS | 6.8 AI score | 0.00244 EPSS

added 2024/02/28 10:15 p.m. | 68 views

CVE-2023-49338

Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.

7.5 CVSS | 7.1 AI score | 0.00272 EPSS

added 2024/09/19 7:15 p.m. | 49 views

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allow HTTP Host header injection.

6.1 CVSS | 7.6 AI score | 0.00476 EPSS

added 2024/07/26 10:15 p.m. | 43 views

CVE-2024-37034

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.

5.9 CVSS | 7.2 AI score | 0.00087 EPSS

added 2024/03/27 7:15 a.m. | 40 views

CVE-2023-43768

An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.

7.5 CVSS | 6.8 AI score | 0.00376 EPSS