CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.

CVSS v3 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://forums.couchbase.com/tags/security	Vendor Advisory
https://www.couchbase.com/alerts	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:couchbase:sync_gateway:*:*:*:*:*:*:*:*

History

17 Jun 2022, 15:30

Type	Values Removed	Values Added
CWE		CWE-295
CPE		cpe:2.3:a:couchbase:sync_gateway::::::::
References	~~(MISC) https://www.couchbase.com/alerts -~~	(MISC) https://www.couchbase.com/alerts - Vendor Advisory
References	~~(MISC) https://forums.couchbase.com/tags/security -~~	(MISC) https://forums.couchbase.com/tags/security - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.8 v3 : 9.8

10 Jun 2022, 13:02

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-10 12:15

Updated : 2024-02-04 22:29

NVD link : CVE-2022-32563

Mitre link : CVE-2022-32563

CVE.ORG link : CVE-2022-32563

JSON object : View

Products Affected

couchbase

sync_gateway

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-32563", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-10T12:15:07.927", "references": [{"url": "https://forums.couchbase.com/tags/security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.couchbase.com/alerts", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration."}, {"lang": "es", "value": "Se ha detectado un problema en Couchbase Sync Gateway versiones 3.x anteriores a 3.0.2. Las credenciales de administrador no son verificadas cuando es usada la autenticaci\u00f3n de certificado de cliente X.509 desde Sync Gateway a Couchbase Server. Cuando Sync Gateway est\u00e1 configurado para autenticarse con el Servidor Couchbase usando certificados de cliente X.509, las credenciales de administrador proporcionadas a la API REST de administraci\u00f3n son ignoradas, resultando en una escalada de privilegios para los usuarios no autenticados. La API REST p\u00fablica no est\u00e1 afectada por este problema. Una mitigaci\u00f3n es sustituir la autenticaci\u00f3n basada en certificados X.509 por la autenticaci\u00f3n de nombre de usuario y contrase\u00f1a dentro de la configuraci\u00f3n de arranque"}], "lastModified": "2022-06-17T15:30:55.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:sync_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95725706-1E4F-4D39-8540-0577680E09EF", "versionEndExcluding": "3.0.2", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}