An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
The /diag/eval endpoint in Couchbase Server is used to execute server-side code for diagnostic purposes. Insufficient restrictions on cURL calls initiated by SQL++ queries allow an attacker to send requests to this endpoint without proper authorization. As a result, it is possible to bypass access control mechanisms (CWE-284 — Improper Access Control) and interact with the protected diagnostic interface.
An unauthenticated attacker can gain full control over the server, including disclosure of sensitive data, data modification, and potentially disruption of service availability.
Couchbase Server must be updated to version 7.2.4 or later. Detailed information is available in the vendor's release notes at docs.couchbase.com/server/current/release-notes/relnotes.html and on the security alerts page at couchbase.com/alerts/
Couchbase Server in all versions before 7.2.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCouchbase Server
APPCouchbase5.0.0 – 7.2.4 (bez)
Related vulnerabilities
Niewystarczające ograniczenia wywołań cURL w /diag/eval w Couchbase Server
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not ...
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes ...
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have In...