Product:

Couchbase_server

(Couchbase)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 53
Date Id Summary Products Score Patch Annotated
2021-11-02 CVE-2021-42763 Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. Couchbase_server 7.5
2022-06-02 CVE-2021-33504 Couchbase Server before 7.1.0 has Incorrect Access Control. Couchbase_server 4.9
2022-06-13 CVE-2022-32193 Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase_server 6.5
2022-06-13 CVE-2022-32558 An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. Couchbase_server 7.5
2022-06-13 CVE-2022-32560 An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. Couchbase_server 7.5
2022-06-13 CVE-2022-32564 An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. Couchbase_server 7.5
2022-06-13 CVE-2022-32192 Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Couchbase_server 7.5
2022-06-13 CVE-2022-32562 An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. Couchbase_server 8.8
2022-06-13 CVE-2022-32565 An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. Couchbase_server 7.5
2022-06-14 CVE-2022-32557 An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. Couchbase_server 7.5