Couchbase: >> Couchbase Server >> 5.5.3 Security Vulnerabilities
CVE-2023-2033
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.071
Published
2023-04-14
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-06
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-21
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-14
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
CVSS Score
9.1
EPSS Score
0.004
Published
2022-06-14
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-06-14
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-13
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-13
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-13
Couchbase Server before 7.1.0 has Incorrect Access Control.
CVSS Score
4.9
EPSS Score
0.003
Published
2022-06-02