In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-19T18:37:15

Updated: 2024-08-03T22:48:14.440Z

Reserved: 2021-04-14T00:00:00

Link: CVE-2021-31158

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-05-19T19:15:08.420

Modified: 2021-05-25T18:58:43.340

Link: CVE-2021-31158

cve-icon Redhat

No data.