In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCouchbase Server
APPCouchbase5.1.1
Powiązane podatności
Niewystarczające ograniczenia wywołań cURL w Couchbase Server (SQL++)
Niewystarczające ograniczenia wywołań cURL w /diag/eval w Couchbase Server
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not ...
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes ...