CVE-2024-37034

Published: Jul 26, 2024Modified: Mar 14, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.

Affected (2)

Products: Couchbase: Couchbase Server

Couchbase

1 product

Couchbase Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Couchbase Couchbase Server	From 6.0.0 to 7.2.5
Couchbase Couchbase Server	Version 7.6.0

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://www.couchbase.com/alerts/

Source: cve@mitre.org

Vendor Advisory

https://www.couchbase.com/alerts/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.