PT-2024-13729 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.1.x through 7.2.3 Description: The issue concerns the lack of authentication requirement for certain API endpoints. Specifically, the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost do not...

PT-2024-13836 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.4 Description: An issue was discovered where SQL++ cURL calls to the "/diag/eval" API endpoint are not sufficiently restricted. Recommendations: For versions prior to 7.2.4, update to version 7.2.4 or...