Approved changes feed: RSS · Atom

cpe:2.3:a:couchbase:couchbase_server:5.1.1:*:*:*:*:*:*:*

part: a version: 5.1.1 update: *

VendorCouchbase (75b35c19-6384-575a-856c-d68a8fd3e277)
ProductCouchbase Server (e100c321-0f35-5f96-a81f-506999d89dd6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/couchbase/manifest purl2cpe 2026-06-01 10:17:18.433720
pkg:github/membase/manifest purl2cpe 2026-06-01 10:17:18.433721

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-9039 vulnerable 2026-06-08 05:27:20.303601 Details available
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
Published: 2020-02-22T01:30:33.000Z
Updated: 2024-08-04T10:19:19.501Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11495 vulnerable 2026-06-08 05:12:37.286242 Details available
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.
Published: 2019-09-10T17:16:29.000Z
Updated: 2024-08-04T22:55:40.284Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.