Reporting a Security Vulnerability

Reporting a Security Vulnerability

If you believe you have discovered a vulnerability, or have otherwise experienced a security problem related to Couchbase Server, please report this to us.

Reporting an Issue

To report an issue, please either Submit a request, or open a JIRA issue. Each procedure associates the issue with an identification number; which can be used for tracking purposes.

Providing Information

All vulnerability-reports should contain as much information as possible, to assist our engineers in investigating the issue. In particular, if possible, please include Common Vulnerability information. This includes:

  • A CVSS (Common Vulnerability Scoring System) Score.

  • A CVE (Common Vulnerability and Exposures) Identifier.

  • Your contact information, including an email-address and phone-number.

Restricting Disclosure

Couchbase, Inc. requests that you do not publicly disclose information regarding the reported vulnerability; until Couchbase has had the opportunity to analyze and to respond to the report, and itself duly notify key users, customers, and partners.

The amount of time required to validate and resolve a reported vulnerability depends on the complexity and severity of the issue; and on the possible presence of third-party dependencies. Couchbase takes all reports seriously; prioritizes their investigation; and publicizes confirmed vulnerabilities in the announcement forum, on the support knowledge-base.