Couchbase Server 5.0.0
Approved changes feed: RSS · Atom
cpe:2.3:a:couchbase:couchbase_server:5.0.0:*:*:*:*:*:*:*
part: a version: 5.0.0 update: *
| Vendor | Couchbase (75b35c19-6384-575a-856c-d68a8fd3e277) |
|---|---|
| Product | Couchbase Server (e100c321-0f35-5f96-a81f-506999d89dd6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/couchbase/manifest |
purl2cpe | 2026-06-01 10:17:18.433711 |
pkg:github/membase/manifest |
purl2cpe | 2026-06-01 10:17:18.433713 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-9039 |
vulnerable | 2026-06-08 05:27:20.302868 |
Details available
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
Published: 2020-02-22T01:30:33.000Z
Updated: 2024-08-04T10:19:19.501Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11497 |
vulnerable | 2026-06-08 05:12:37.288021 |
Details available
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.
Published: 2019-09-10T17:24:04.000Z
Updated: 2024-08-04T22:55:40.632Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.