couchbase@3.0.2b9 vulnerabilities

Python Client for Couchbase

  • latest version

    4.4.0

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    3 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the couchbase package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Privilege Escalation

    couchbase is a Python Client for Couchbase.

    Affected versions of this package are vulnerable to Privilege Escalation such that admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users.

    Note: The Public REST API is not impacted by this issue.

    How to fix Privilege Escalation?

    Upgrade couchbase to version 3.0.2 or higher.

    Vulnerable versions: [3.0.0,3.0.2)