Shodan
Vulnerabilities
Vulnerable Software
Couchbase:  >> Couchbase Server  Security Vulnerabilities
CVE-2025-46619
A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-04-30
CVE-2024-56178
An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-27
CVE-2024-25673
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-09-19
CVE-2024-37034
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-26
CVE-2023-43768
An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-03-27
CVE-2024-23302
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-02-29
CVE-2023-50436
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-29
CVE-2023-50437
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-02-29
CVE-2023-49930
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-02-29
CVE-2023-49931
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved