In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenticated users with sufficient authorization. However, users were allowed unauthenticated and unauthorized access to the "default" bucket if the properties of this bucket were edited. This has been fixed in versions 5.1.0 and 5.5.0.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.couchbase.com/resources/security#SecurityAlerts |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-10T17:26:15
Updated: 2024-08-04T22:55:40.691Z
Reserved: 2019-04-23T00:00:00
Link: CVE-2019-11496
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-10T18:15:12.557
Modified: 2024-11-21T04:21:12.203
Link: CVE-2019-11496
Redhat
No data.