Couchbase: >> Couchbase Server >> 7.2.3 Security Vulnerabilities
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-09-19
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-26
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-02-29
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).
CVSS Score
4.3
EPSS Score
0.002
Published
2024-02-29
An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-02-29
Page 1