CVE-2022-42951

HIGH

Couchbase Server 6.5.x-6.6.5, 7.x<7.0.5, 7.1.x<7.1.2 - Improper Authentication during Node Startup

Title source: llm

Description

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.

Scores

CVSS v3 8.1
EPSS 0.0066
EPSS Percentile 46.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-287 CWE-362
Status published
Products (1)
couchbase/couchbase_server 6.5.0 - 6.6.6
Published Feb 06, 2023
Tracked Since Feb 18, 2026