PT-2019-12335 · Couchbase · Couchbase Server

Published: 2019-09-10 · Updated: 2024-02-10 · CVE-2019-11495

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Couchbase Server versions prior to 6.0.0

Description

The issue arises from the insecure generation of a cookie used for intra-node communication in Couchbase Server. Specifically, the erlang:now() function is used to seed the PRNG, resulting in a limited search space for potential random seeds. This could allow an attacker to brute force the cookie and execute code against a remote system.

Recommendations

For versions prior to 6.0.0, update to version 6.0.0 or later to resolve the issue.

Related Identifiers

CVE-2019-11495

Affected Products

Couchbase Server