PT-2024-21081 · Couchbase · Couchbase Server

Published: 2024-09-19 · Updated: 2024-09-24 · CVE-2024-25673

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Couchbase Server versions 7.6.x through 7.6.1

Couchbase Server versions 7.2.x through 7.2.5

Couchbase Server versions prior to 7.2.x

Description

The issue allows HTTP Host header injection. This means an attacker could potentially manipulate the HTTP Host header to inject malicious data.

Recommendations

For Couchbase Server versions 7.6.x through 7.6.1, update to version 7.6.2 or later.

For Couchbase Server versions 7.2.x through 7.2.5, update to version 7.2.6 or later.

For Couchbase Server versions prior to 7.2.x, update to version 7.2.6 or later.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2024-25673

Affected Products

Couchbase Server