PT-2023-14163 · Couchbase · Couchbase Server

Published: 2023-02-06 · Updated: 2025-03-26 · CVE-2022-42951

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Couchbase Server versions 6.5.x through 6.6.5

Couchbase Server versions 7.0.0 through 7.0.4

Couchbase Server versions 7.1.0 through 7.1.1

Description

An issue was discovered in Couchbase Server. During the start-up of a node, there is a small window of time before cluster management authentication has started, during which an attacker can connect to the cluster manager using default credentials.

Recommendations

For Couchbase Server versions 6.5.x through 6.6.5, update to version 6.6.6 or later.

For Couchbase Server versions 7.0.0 through 7.0.4, update to version 7.0.5 or later.

For Couchbase Server versions 7.1.0 through 7.1.1, update to version 7.1.2 or later.

Fix

Race Condition

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2022-42951

Affected Products

Couchbase Server