Couchbase ≫ Couchbase Server

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.

An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.

An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.

An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.

An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

Couchbase Server before 7.1.0 has Incorrect Access Control.