CVE-2023-49338

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Couchbase Couchbase Server

Timeline

PublishedFeb 28

Latest updateFeb 29

Description

Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcouchbase/couchbase_server4.0.0 — 7.2.4

🔴Vulnerability Details

GHSA

GHSA-2977-w3fj-rc33: Couchbase Server 7↗2024-02-29

▶

CVEList

CVE-2023-49338: Couchbase Server 7↗2024-02-28

▶