PT-2019-12337 · Couchbase · Couchbase Server

Published: 2019-09-10 · Updated: 2019-09-26 · CVE-2019-11497

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 5.5.0

Description: The issue arises when an invalid Remote Cluster Certificate is entered as part of remote cluster reference creation in Couchbase Server. The server fails to parse and check the certificate signature, accepts the invalid certificate, and attempts to use it for future connections to the remote cluster. This allows for potential exploitation. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: For Couchbase Server versions prior to 5.5.0, update to version 5.5.0 or later. That release includes a fix that thoroughly checks the validity of the certificate and prevents the creation of a remote cluster reference with an invalid certificate.
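The following is an added illustration of the kind of check the description says was missing: a remote cluster root certificate is parsed and its self-signature verified before the reference is stored. It is not Couchbase's code and does not reproduce the actual patch; ValidateRemoteClusterCert, MakeSelfSignedCA, ToPEM and TamperSignature are hypothetical names, and the test certificate is constructed in-process with Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ValidateRemoteClusterCert is a hypothetical gate (not Couchbase's own code)
// that a pasted remote cluster root certificate must pass before a reference
// is created. It rejects input that is not exactly one PEM CERTIFICATE block,
// that fails X.509 parsing, that is not a CA certificate, that is outside its
// validity period, or whose self-signature does not verify.
func ValidateRemoteClusterCert(pemBytes []byte, now time.Time) (*x509.Certificate, error) {
	block, rest := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	if block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
	}
	if len(bytes.TrimSpace(rest)) != 0 {
		return nil, errors.New("trailing data after the certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("certificate does not parse: %w", err)
	}
	if !cert.BasicConstraintsValid || !cert.IsCA {
		return nil, errors.New("certificate is not a CA certificate")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, errors.New("certificate is outside its validity period")
	}
	// A root is self-signed: the signature over the TBS part must verify with
	// the certificate's own public key. Skipping this step is the defect the
	// advisory describes.
	if err := cert.CheckSignatureFrom(cert); err != nil {
		return nil, fmt.Errorf("self-signature does not verify: %w", err)
	}
	return cert, nil
}

// MakeSelfSignedCA builds a constructed, throwaway self-signed CA certificate
// (DER) for demonstration; it stands in for a real remote cluster root.
func MakeSelfSignedCA(now time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "remote-cluster-ca.example (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(1, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// ToPEM wraps DER bytes in a CERTIFICATE PEM block, as an operator would paste it.
func ToPEM(der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// TamperSignature flips one bit in the trailing signature bytes of a DER
// certificate. The result still parses as X.509, so only a real signature
// check can tell it apart from the genuine certificate.
func TamperSignature(der []byte) []byte {
	out := append([]byte(nil), der...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	now := time.Now()
	der, err := MakeSelfSignedCA(now)
	if err != nil {
		panic(err)
	}
	_, err = ValidateRemoteClusterCert(ToPEM(der), now)
	fmt.Println("genuine certificate accepted:", err == nil)
	_, err = ValidateRemoteClusterCert(ToPEM(TamperSignature(der)), now)
	fmt.Println("tampered certificate rejected:", err != nil)
	_, err = ValidateRemoteClusterCert([]byte("not a certificate"), now)
	fmt.Println("garbage rejected:", err != nil)
}
```

The tampered case is the one worth noting: a certificate with a corrupted signature still parses cleanly, so a check that stops at "does it parse" accepts it, and an expired or non-CA certificate should also be refused before it is saved for later connections.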

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2019-11497

Affected Products

Couchbase Server