PT-2019-12336 · Couchbase · Couchbase Server

Published

2019-09-10

Updated

2020-08-24

CVE-2019-11496

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Couchbase Server versions prior to 5.1.0

Description The issue concerns unauthenticated and unauthorized access to the "default" bucket in Couchbase Server. Prior to version 5.0, the "default" bucket allowed read and write access without authentication. Although the behavior was changed in version 5.0 to require authentication, editing the properties of the "default" bucket could still allow unauthenticated access.

Recommendations For versions prior to 5.1.0, update to version 5.1.0 or 5.5.0 to fix the issue. As a temporary workaround, consider restricting access to the "default" bucket to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-11496

Affected Products

Couchbase Server

PT-2019-12336 · Couchbase · Couchbase Server

CVE-2019-11496

Weakness Enumeration

Related Identifiers

Affected Products

References · 3