CVE-2019-11466

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes a system diagnostic profile via an HTTP endpoint that does not require credentials, on a port earmarked for internal traffic only. This has been remedied in version 6.0.1, where the endpoint now requires valid credentials to access.

Published: 2019-09-10 18:15
Updated: 2019-09-26 20:15

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Couchbase | Couchbase Server | 5.5.0 | cpe:/a:couchbase:couchbase_server:5.5.0 |
| Couchbase | Couchbase Server | 6.0.0 | cpe:/a:couchbase:couchbase_server:6.0.0 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-287 | Improper Authentication | When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. |

History of changes

Date Event
2019-09-26 20:15
2019-09-11 17:44
2019-09-11 14:50
2019-09-10 18:19 New CVE