CVE-2021-31158

CWE-863 — Incorrect Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Couchbase Server
Timeline
PublishedMay 19
Latest updateMay 24

Description

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcouchbase/couchbase_server6.5.0 — 6.6.2

🔴Vulnerability Details

2
GHSA
GHSA-j8hg-ph7r-fwmj: In the Query Engine in Couchbase Server 6↗2022-05-24
â–¶
CVEList
CVE-2021-31158: In the Query Engine in Couchbase Server 6↗2021-05-19
â–¶
CVE-2021-31158 (MEDIUM CVSS 6.5) | In the Query Engine in Couchbase Se | cvebase.io