Description
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 4.6.0 (inclusive) to 4.6.5 (inclusive)
One of
cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:5.5.1:*:*:*:*:*:*:*
EPSS
Percentile: 97%
0.30585
Medium
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-276
Related vulnerabilities
GitHub
more than 3 years ago
Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).