Vulnerabilities > Couchbase > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-19 | CVE-2021-27924 | Cleartext Transmission of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 6.x through 6.6.1. | 4.3 |
| 2021-05-19 | CVE-2021-25644 | Cleartext Storage of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. | 5.0 |
| 2021-05-19 | CVE-2021-31158 | Incorrect Authorization vulnerability in Couchbase Server In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. | 4.0 |
| 2020-06-08 | CVE-2020-9042 | Cross-Site Request Forgery (CSRF) vulnerability in Couchbase Server 6.0.0 In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. | 6.8 |
| 2020-06-08 | CVE-2020-9041 | Improper Resource Shutdown or Release vulnerability in Couchbase Server and Sync Gateway In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. | 5.0 |
| 2020-06-08 | CVE-2020-9040 | Improper Certificate Validation vulnerability in Couchbase Server Java SDK 2.6/2.7 Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. | 5.0 |
| 2019-09-10 | CVE-2019-11497 | Improper Certificate Validation vulnerability in Couchbase Server 5.0.0 In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. | 5.0 |
| 2019-09-10 | CVE-2019-11496 | Missing Authentication for Critical Function vulnerability in Couchbase Server 4.0.0/4.6.3/5.0.0 In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. | 6.4 |
| 2019-09-10 | CVE-2019-11466 | Missing Authentication for Critical Function vulnerability in Couchbase Server 5.5.0/6.0.0 In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. | 5.0 |
| 2019-09-10 | CVE-2019-11465 | Information Exposure Through Discrepancy vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. | 5.0 |