CVE-2025-52490
- EPSS 0.03%
- Published 29.07.2025 00:00:00
- Last modified 06.08.2025 16:25:11
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
CVE-2022-32563
- EPSS 0.41%
- Published 10.06.2022 12:15:07
- Last modified 21.11.2024 07:06:38
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couc...
CVE-2021-43963
- EPSS 0.33%
- Published 07.12.2021 22:15:07
- Last modified 21.11.2024 06:30:05
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read ac...
CVE-2020-9041
- EPSS 0.54%
- Published 08.06.2020 16:15:10
- Last modified 21.11.2024 05:39:53
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow conn...
CVE-2019-9039
- EPSS 0.3%
- Published 26.06.2019 19:15:11
- Last modified 21.11.2024 04:50:52
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on ...