CVE-2019-9039
https://notcve.org/view.php?id=CVE-2019-9039
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external access to this REST endpoint has been blocked to mitigate this issue. This issue has been fixed in versions 2.5.0 and 2.1.3.

• https://docs.couchbase.com/sync-gateway/2.5/release-notes.html
• https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gateway-cve-2019-9039
• https://www.couchbase.com/resources/security#SecurityAlerts
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-15728
https://notcve.org/view.php?id=CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have the 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the underlying operating system with the privileges of the user that was used to start Couchbase. Affects Version: 4.0.0, 4.1.2, 4.5.1, 5.0.0, 4.6.5, 5.0.1, 5.1.1, 5.5.0, 5.5.1. Fix Version: 6.0.0, 5.5.2.

• http://seclists.org/bugtraq/2018/Aug/49
• http://www.securityfocus.com/bid/105157
• https://www.couchbase.com/resources/security#SecurityAlerts
• CWE-94: Improper Control of Generation of Code ('Code Injection')