• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

Couchbase

CVE-2022-32565

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.

CVE-2022-32563

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.

CVE-2022-32562

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.

CVE-2022-32561

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.

CVE-2022-32560

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.

CVE-2022-32559

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE