CVE-2024-37034

Name of the Vulnerable Software and Affected Versions Couchbase Server versions prior to 7.2.5 Couchbase Server versions 7.6.0 through 7.6.0

Description The issue is related to insufficient encryption of data in the Key-Value (KV) service of Couchbase Server. This could allow a remote attacker to disclose protected information when remote link encryption is configured for Half-Secure. The problem arises because the system does not ensure that credentials are negotiated with the KV service using SCRAM-SHA under these conditions.

Recommendations For versions prior to 7.2.5, update to version 7.2.5 or later. For versions 7.6.0, update to version 7.6.1 or later. As a temporary workaround, consider configuring remote link encryption to use Full-Secure mode until a patch is available.