CVE-2021-31158 Information

Jun 07, 2022 cve

Description

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1 Common Table Expression queries were not correctly checking the user’s permissions allowing read-access to resources beyond what those users were explicitly allowed to access.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.couchbase.com/resources/security#SecurityAlerts https://docs.couchbase.com/server/current/release-notes/relnotes.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: