Approved changes feed: RSS · Atom

cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*

part: a version: 6.0.0 update: *

VendorCouchbase (75b35c19-6384-575a-856c-d68a8fd3e277)
ProductCouchbase Server (e100c321-0f35-5f96-a81f-506999d89dd6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/couchbase/manifest purl2cpe 2026-06-01 10:17:18.433749
pkg:github/membase/manifest purl2cpe 2026-06-01 10:17:18.433750

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-9042 vulnerable 2026-06-08 05:27:20.309925 Details available
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
Published: 2020-06-08T15:21:22.000Z
Updated: 2024-08-04T10:19:19.578Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11466 vulnerable 2026-06-08 05:12:37.192235 Details available
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
Published: 2019-09-10T17:02:30.000Z
Updated: 2024-08-04T22:55:40.205Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11465 vulnerable 2026-06-08 05:12:37.191802 Details available
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
Published: 2019-09-10T16:55:49.000Z
Updated: 2024-08-04T22:55:39.999Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.