CVE-2019-11497

CWE-295Improper Certificate Validation3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 67.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Couchbase Server
Timeline
PublishedSep 10
Latest updateMay 24

Description

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-9857-wwhp-87gw: An issue was discovered in Couchbase Server 52022-05-24
CVEList
CVE-2019-11497: In Couchbase Server 52019-09-10
CVE-2019-11497 (HIGH CVSS 7.5) | In Couchbase Server 5.0.0 | cvebase.io