Shodan
Vulnerabilities
Vulnerable Software
Couchbase:  >> Couchbase Server  >> 4.5.1  Security Vulnerabilities
CVE-2023-25016
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-06
CVE-2022-32556
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-07-21
CVE-2022-32557
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-06-14
CVE-2022-32559
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
CVSS Score
9.1
EPSS Score
0.007
Published
2022-06-14
CVE-2022-32560
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-13
CVE-2022-32564
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-06-13
CVE-2021-33504
Couchbase Server before 7.1.0 has Incorrect Access Control.
CVSS Score
4.9
EPSS Score
0.004
Published
2022-06-02
CVE-2021-42763
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-11-02
CVE-2021-35945
Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-09-29
CVE-2021-25645
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
CVSS Score
4.4
EPSS Score
0.001
Published
2021-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved