GHSA-px2c-r924-mwcc

Source
https://github.com/advisories/GHSA-px2c-r924-mwcc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-px2c-r924-mwcc/GHSA-px2c-r924-mwcc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-px2c-r924-mwcc
Aliases
  • CVE-2025-49015
Published
2025-06-18T15:31:15Z
Modified
2025-06-18T20:12:19.009831Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
Details

The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

Database specific
{
    "nvd_published_at": "2025-06-18T14:15:44Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2025-06-18T19:42:25Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-297"
    ]
}
References

Affected packages

NuGet / CouchbaseNetClient

Package

Name
CouchbaseNetClient
Purl
pkg:nuget/CouchbaseNetClient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.9.0
0.9.1
0.9.2

1.*

1.0.0
1.0.1
1.1.0
1.1.0.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2.0-beta
1.2.0-beta-2
1.2.0-beta-3
1.2.0
1.2.1
1.2.2
1.2.2.1
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.3.12
1.3.13

2.*

2.0.0-beta
2.0.0-beta2
2.0.0
2.0.0.1
2.0.1
2.0.2
2.0.3
2.0.3.1
2.0.3.2
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0-dp1
2.2.0
2.2.1
2.2.2
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3.0
2.3.1
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.3.11
2.4.0-dp1
2.4.0-dp2
2.4.0-dp3
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.5.10
2.5.11
2.5.12
2.6.0-beta
2.6.0-dp1
2.6.0
2.6.1
2.6.2
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.7.13
2.7.14
2.7.15
2.7.16
2.7.17
2.7.18
2.7.19
2.7.20
2.7.21
2.7.22
2.7.23
2.7.24
2.7.25
2.7.26
2.7.27

3.*

3.0.0-alpha1
3.0.0-alpha2
3.0.0-alpha3
3.0.0-alpha4
3.0.0-alpha5
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5-donotuse-202105042202
3.1.5-donotuse-20210504335
3.1.5-local-202105032202
3.1.5
3.1.6
3.1.7
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.10
3.4.11
3.4.12
3.4.13
3.4.14-rc3
3.4.14
3.4.15
3.5.0
3.5.1-rc5
3.5.1
3.5.2
3.5.3
3.5.5
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5-buildbot-r8718
3.6.5
3.6.6
3.7.0
3.7.1
3.7.2

Database specific

{
    "last_known_affected_version_range": "< 3.7.1"
}