Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.couchbase.com/resources/security#SecurityAlerts |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-22T01:30:33
Updated: 2024-08-04T10:19:19.501Z
Reserved: 2020-02-17T00:00:00
Link: CVE-2020-9039
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-22T02:15:10.617
Modified: 2024-11-21T05:39:52.760
Link: CVE-2020-9039
Redhat
No data.