In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
couchbase couchbase server 5.5.0 |
||
couchbase couchbase server 6.0.0 |