Known Vulnerabilities for products from Couchbase
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Couchbase".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-45875 json | An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a ... | 7.5 - HIGH | 2023-11-08 | 2023-11-16 |
| CVE-2023-36667 json | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | 7.5 - HIGH | 2023-11-08 | 2023-11-15 |
| CVE-2023-28470 json | In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. | 5.3 - MEDIUM | 2023-03-23 | 2023-03-28 |
| CVE-2023-25016 json | Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Acto... | 7.5 - HIGH | 2023-02-06 | 2023-02-14 |
| CVE-2022-42951 json | An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During th... | 8.1 - HIGH | 2023-02-06 | 2023-08-08 |
| CVE-2022-42950 json | An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an admi... | 4.9 - MEDIUM | 2023-02-06 | 2023-02-15 |
| CVE-2022-34826 json | In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. | 5.9 - MEDIUM | 2022-07-15 | 2023-08-08 |
| CVE-2022-33911 json | An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for ... | 5.3 - MEDIUM | 2022-07-12 | 2022-07-18 |
| CVE-2022-33173 json | An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrad... | 7.5 - HIGH | 2022-07-12 | 2022-07-20 |
| CVE-2022-32565 json | An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | 7.5 - HIGH | 2022-06-13 | 2022-06-22 |
| CVE-2022-32564 json | An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. | 7.5 - HIGH | 2022-06-13 | 2022-06-22 |
| CVE-2022-32563 json | An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 clien... | 9.8 - CRITICAL | 2022-06-10 | 2022-06-17 |
| CVE-2022-32562 json | An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | 8.8 - HIGH | 2022-06-13 | 2022-06-22 |
| CVE-2022-32561 json | An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were f... | 4.9 - MEDIUM | 2022-06-14 | 2022-06-24 |
| CVE-2022-32560 json | An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | 7.5 - HIGH | 2022-06-13 | 2023-08-08 |
| CVE-2022-32559 json | An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. | 9.1 - CRITICAL | 2022-06-14 | 2023-08-08 |
| CVE-2022-32558 json | An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a fai... | 7.5 - HIGH | 2022-06-13 | 2022-06-22 |
| CVE-2022-32557 json | An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS serve... | 7.5 - HIGH | 2022-06-14 | 2023-08-08 |
| CVE-2022-32556 json | An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. | 7.5 - HIGH | 2022-07-21 | 2022-07-27 |
| CVE-2022-32193 json | Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 6.5 - MEDIUM | 2022-06-13 | 2022-06-22 |
Known software with vulnerabilities from Couchbase
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Couchbase | Couchbase Server | - |
| Application | Couchbase | Couchbase Server Java Sdk | 2.6 |
| Application | Couchbase | Server | - |
| Application | Couchbase | Sync Gateway | 2.1 |