Vulnerability Details CVE-2023-28470
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.7%
CVSS Severity
CVSS v3 Score 5.3
References
- https://docs.couchbase.com/server/current/release-notes/relnotes.html
- https://forums.couchbase.com/tags/security
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/downloads
- https://docs.couchbase.com/server/current/release-notes/relnotes.html
- https://forums.couchbase.com/tags/security
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/downloads
Products affected by CVE-2023-28470
-
cpe:2.3:a:couchbase:couchbase_server:6.6.0
-
cpe:2.3:a:couchbase:couchbase_server:6.6.1
-
cpe:2.3:a:couchbase:couchbase_server:6.6.2
-
cpe:2.3:a:couchbase:couchbase_server:6.6.3
-
cpe:2.3:a:couchbase:couchbase_server:6.6.6
-
cpe:2.3:a:couchbase:couchbase_server:7.0.0
-
cpe:2.3:a:couchbase:couchbase_server:7.0.1
-
cpe:2.3:a:couchbase:couchbase_server:7.0.2
-
cpe:2.3:a:couchbase:couchbase_server:7.0.3
-
cpe:2.3:a:couchbase:couchbase_server:7.0.4
-
cpe:2.3:a:couchbase:couchbase_server:7.0.5
-
cpe:2.3:a:couchbase:couchbase_server:7.1.0
-
cpe:2.3:a:couchbase:couchbase_server:7.1.1
-
cpe:2.3:a:couchbase:couchbase_server:7.1.2
-
cpe:2.3:a:couchbase:couchbase_server:7.1.3