Vulnerabilities > Couchbase > Couchbase Server > 5.5.0

DATE CVE VULNERABILITY TITLE RISK
2020-02-22 CVE-2020-9039 Incorrect Default Permissions vulnerability in Couchbase Server
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles.
network
low complexity
couchbase CWE-276
critical
9.8
2019-09-10 CVE-2019-11467 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Couchbase Server 4.6.3/5.5.0
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson.
network
low complexity
couchbase CWE-119
7.5
2019-09-10 CVE-2019-11466 Missing Authentication for Critical Function vulnerability in Couchbase Server 5.5.0/6.0.0
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only.
network
low complexity
couchbase CWE-306
5.3
2019-09-10 CVE-2019-11465 Information Exposure Through Log Files vulnerability in Couchbase Server
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0.
network
low complexity
couchbase CWE-532
5.3
2019-09-10 CVE-2019-11464 Cross-site Scripting vulnerability in Couchbase Server 5.1.2/5.5.0
Some enterprises require that REST API endpoints include security-related headers in REST responses.
network
low complexity
couchbase CWE-79
6.1