PT-2021-19193 · Couchbase · Couchbase Server

Published: 2021-05-19 · Updated: 2021-05-25 · CVE-2021-31158

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Couchbase Server versions 6.5.x through 6.6.1

Description

The issue concerns the Query Engine in Couchbase Server, where Common Table Expression queries did not correctly check user permissions. This allowed users to access resources beyond their explicitly allowed permissions, providing read access to unauthorized data.

Recommendations

For Couchbase Server versions 6.5.x through 6.6.1, consider restricting access to the Query Engine until a patch is available, or apply specific configuration changes to enforce proper permission checks for Common Table Expression queries. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2021-31158

Affected Products

Couchbase Server