PT-2023-14163 · Couchbase · Couchbase Server

Published: 2023-02-06 · Updated: 2025-03-26 · CVE-2022-42951

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Couchbase Server versions 6.5.x through 6.6.5
Couchbase Server versions 7.0.0 through 7.0.4
Couchbase Server versions 7.1.0 through 7.1.1

Description

An issue was discovered in Couchbase Server during the start-up of a node, where there is a small window of time before the cluster management authentication has started, allowing an attacker to connect to the cluster manager using default credentials.

Recommendations

For Couchbase Server versions 6.5.x through 6.6.5, update to version 6.6.6 or later.
For Couchbase Server versions 7.0.0 through 7.0.4, update to version 7.0.5 or later.
For Couchbase Server versions 7.1.0 through 7.1.1, update to version 7.1.2 or later.

Fix

Race Condition

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-42951

Affected Products

Couchbase Server