CVE-2024-56178

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 7.6.x through 7.6.3

Description An issue was discovered that allows a user with the security admin local role to create a new user in a group that has the admin role. This is related to incorrect permission storage. The issue can be exploited by a remote attacker to elevate their privileges.

Recommendations For Couchbase Server versions 7.6.x through 7.6.3, consider restricting the security admin local role to prevent unauthorized user creation in admin groups until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.