In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCouchbase Server
APPCouchbase5.1.1
Related vulnerabilities
Niewystarczające ograniczenia wywołań cURL w Couchbase Server (SQL++)
Niewystarczające ograniczenia wywołań cURL w /diag/eval w Couchbase Server
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not ...
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes ...