An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.
Weakness
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Couchbase_server | Couchbase | 7.6.0 (including) | 7.6.3 (including) |