CVE-2019-11496

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets, including "default", was changed to allow access only by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.

Published: 2019-09-10 18:15
Updated: 2019-09-26 18:15

CVSS Score: 6.4 / 10
Vendor: Couchbase
Product: Couchbase Server
Version: 5.0.0
URI: cpe:/a:couchbase:couchbase_server:5.0.0

CWE

ID: CWE-287
Name: Improper Authentication
Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

History of changes

Date Event
2019-09-26 18:15
2019-09-11 17:52
2019-09-10 18:19

New CVE