Approved changes feed: RSS · Atom

cpe:2.3:a:couchbase:couchbase_server:5.0.0:*:*:*:*:*:*:*

part: a version: 5.0.0 update: *

VendorCouchbase (75b35c19-6384-575a-856c-d68a8fd3e277)
ProductCouchbase Server (e100c321-0f35-5f96-a81f-506999d89dd6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/couchbase/manifest purl2cpe 2026-06-01 10:17:18.433711
pkg:github/membase/manifest purl2cpe 2026-06-01 10:17:18.433713

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-9039 vulnerable 2026-06-08 05:27:20.302868 Details available
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
Published: 2020-02-22T01:30:33.000Z
Updated: 2024-08-04T10:19:19.501Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11497 vulnerable 2026-06-08 05:12:37.288021 Details available
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.
Published: 2019-09-10T17:24:04.000Z
Updated: 2024-08-04T22:55:40.632Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.