Reporting a Security Vulnerability
If you believe you have discovered a vulnerability, or have otherwise experienced a security problem related to Couchbase Server, please report this to us.
All vulnerability-reports should contain as much information as possible, to assist our engineers in investigating the issue. In particular, if possible, please include Common Vulnerability information. This includes:
A CVSS (Common Vulnerability Scoring System) Score.
A CVE (Common Vulnerability and Exposures) Identifier.
Your contact information, including an email-address and phone-number.
Couchbase, Inc. requests that you do not publicly disclose information regarding the reported vulnerability; until Couchbase has had the opportunity to analyze and to respond to the report, and itself duly notify key users, customers, and partners.
The amount of time required to validate and resolve a reported vulnerability depends on the complexity and severity of the issue; and on the possible presence of third-party dependencies. Couchbase takes all reports seriously; prioritizes their investigation; and publicizes confirmed vulnerabilities in the announcement forum, on the support knowledge-base.