Couchbase Server 6.0.0
Approved changes feed: RSS · Atom
cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*
part: a version: 6.0.0 update: *
| Vendor | Couchbase (75b35c19-6384-575a-856c-d68a8fd3e277) |
|---|---|
| Product | Couchbase Server (e100c321-0f35-5f96-a81f-506999d89dd6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/couchbase/manifest |
purl2cpe | 2026-06-01 10:17:18.433749 |
pkg:github/membase/manifest |
purl2cpe | 2026-06-01 10:17:18.433750 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-9042 |
vulnerable | 2026-06-08 05:27:20.309925 |
Details available
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
Published: 2020-06-08T15:21:22.000Z
Updated: 2024-08-04T10:19:19.578Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11466 |
vulnerable | 2026-06-08 05:12:37.192235 |
Details available
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
Published: 2019-09-10T17:02:30.000Z
Updated: 2024-08-04T22:55:40.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11465 |
vulnerable | 2026-06-08 05:12:37.191802 |
Details available
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
Published: 2019-09-10T16:55:49.000Z
Updated: 2024-08-04T22:55:39.999Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.