exploitDog

CVE-2022-33173

Опубликовано: 12 июл. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.

Ссылки

https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes
Vendor Advisory
https://forums.couchbase.com/tags/security
Vendor Advisory
https://www.couchbase.com/alerts
Vendor Advisory
https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes
Vendor Advisory
https://forums.couchbase.com/tags/security
Vendor Advisory
https://www.couchbase.com/alerts
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*

Версия от 6.6.0 (включая) до 7.0.4 (исключая)

EPSS

Процентиль: 66%

0.0051

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r6mw-gxw7-63jg

CVSS3: 7.5

github

больше 3 лет назад

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.

EPSS

Процентиль: 66%

0.0051

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other