PT-2022-21722 · Couchbase · Couchbase Server

Published

2022-07-11

Updated

2022-07-20

CVE-2022-33173

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Couchbase Server versions prior to 7.0.4

Description An algorithm-downgrade issue was discovered in Couchbase Server. Analytics Remote Links may temporarily downgrade to a non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.

Recommendations For versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-33173

Affected Products

Couchbase Server

PT-2022-21722 · Couchbase · Couchbase Server

CVE-2022-33173

Related Identifiers

Affected Products

References · 6