CVE-2024-25673

CWE-743 documents3 sources

Severity

6.1MEDIUM

EPSS

1.2%

top 21.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 19

Description

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

CVEList

CVE-2024-25673: Couchbase Server 7↗2024-09-19

▶

GHSA

GHSA-89vx-x763-hhwj: Couchbase Server 7↗2024-09-19

▶