exploitDog

CVE-2021-31158

Опубликовано: 19 мая 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.

Ссылки

https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes
Vendor Advisory
https://www.couchbase.com/resources/security#SecurityAlerts
Vendor Advisory
https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes
Vendor Advisory
https://www.couchbase.com/resources/security#SecurityAlerts
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*

Версия от 6.5.0 (включая) до 6.6.2 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-j8hg-ph7r-fwmj

github

больше 3 лет назад

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.

EPSS

Процентиль: 38%

0.00168

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863