3 matches found
PT-2024-13835 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.4 Description: An issue was discovered in Couchbase Server where cURL calls to the "/diag/eval" API endpoint are not sufficiently restricted. Recommendations: For versions prior to 7.2.4, update to versi...
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...
Code injection
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...