github.com/couchbase/sync_gateway is vulnerable to privilege escalation. The vulnerability exists because of storage of bucket credentials in the metadata within sync documents written to the bucket, allowing a user with read privilege to perform write access to data in Couchbase Server. Note: This vulnerability does not affect clusters where Sync Gateway is authenticated with X.509 client certificates and where shared bucket access is not enabled on Sync Gateway.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/couchbase/sync_gateway | le | 2.8.2 | |
github.com/couchbase/sync_gateway | le | 2.8.2 |