Shodan
Vulnerabilities
Vulnerable Software
Couchbase:  Security Vulnerabilities
CVE-2025-52490
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-07-29
CVE-2025-49015
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-06-18
CVE-2025-46619
A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.
CVSS Score
7.6
EPSS Score
0.002
Published
2025-04-30
CVE-2024-56178
An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-27
CVE-2024-25673
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
CVSS Score
6.1
EPSS Score
0.009
Published
2024-09-19
CVE-2024-37034
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-07-26
CVE-2023-43768
An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-03-27
CVE-2024-23302
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-02-29
CVE-2023-50436
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-29
CVE-2023-50437
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
CVSS Score
8.6
EPSS Score
0.003
Published
2024-02-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved