Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Couchbase_server
(Couchbase)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 50 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-12 | CVE-2022-33911 | An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. | Couchbase_server | 5.3 | ||
| 2021-05-19 | CVE-2021-27925 | An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file. | Couchbase_server | 4.4 | ||
| 2021-09-29 | CVE-2021-35943 | Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. | Couchbase_server | 9.8 | ||
| 2022-06-14 | CVE-2022-32561 | An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. | Couchbase_server | 4.9 | ||
| 2022-06-13 | CVE-2022-32193 | Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | Couchbase_server | 6.5 | ||
| 2022-06-13 | CVE-2022-32558 | An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. | Couchbase_server | 7.5 | ||
| 2022-06-13 | CVE-2022-32564 | An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. | Couchbase_server | 7.5 | ||
| 2022-06-13 | CVE-2022-32192 | Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | Couchbase_server | 7.5 | ||
| 2022-06-13 | CVE-2022-32562 | An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | Couchbase_server | 8.8 | ||
| 2022-06-13 | CVE-2022-32565 | An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | Couchbase_server | 7.5 |