Sync Gateway
Approved changes feed: RSS · Atom
cpe:2.3:a:couchbase:sync_gateway:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Couchbase (75b35c19-6384-575a-856c-d68a8fd3e277) |
|---|---|
| Product | Sync Gateway (a533cf93-30ce-57f4-8015-46970260cb3b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/tleyden5iwx/sync_gateway |
purl2cpe | 2026-06-01 10:17:18.455645 |
pkg:github/couchbase/sync_gateway |
purl2cpe | 2026-06-01 10:17:18.455649 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-52490 |
vulnerable | 2026-06-08 07:31:11.678515 |
Details available
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
Published: 2025-07-29T00:00:00.000Z
Updated: 2025-07-29T20:27:03.220Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-32563 |
vulnerable | 2026-06-08 05:44:45.138212 |
Details available
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.
Published: 2022-06-10T11:57:58.000Z
Updated: 2024-08-03T07:46:43.590Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43963 |
vulnerable | 2026-06-08 05:36:44.662281 |
Details available
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)
Published: 2021-12-07T21:05:13.000Z
Updated: 2024-08-04T04:10:17.137Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9041 |
vulnerable | 2026-06-08 05:27:20.308430 |
Details available
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Published: 2020-06-08T15:21:37.000Z
Updated: 2024-08-04T10:19:19.797Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.