See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2024-56178

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 27, 2025

Updated: Jan 28, 2025

CWE ID 281

Summary

CVE-2024-56178 is a vulnerability affecting Couchbase Server versions 7.6.x through 7.6.3. This issue grants a user with the security_admin_local role the ability to create new users in groups that hold the admin role. Essentially, it allows unintended users to assume administrative privileges, posing a potential security risk to the database. Unauthorized users gaining administrative access can lead to data manipulation, unauthorized data access, or even system compromise. It is recommended that affected systems are upgraded to the latest version of Couchbase Server as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Couchbase Server

Affected Vendors

Couchbase

Advisories, Assessments, and Mitigations

Back to Vulnerability Database