First published: Wed Feb 28 2024
Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wut Com-server Highspeed 100baselx | >=7.1.0<7.2.4 | |
CVE-2023-49338 is considered a high-severity vulnerability due to the lack of authentication on sensitive administrative endpoints.
To fix CVE-2023-49338, upgrade Couchbase Server to version 7.2.4 or later to ensure authentication is enforced.
CVE-2023-49338 affects Couchbase Server versions 7.1.x and 7.2.x prior to 7.2.4.
The vulnerable endpoints in CVE-2023-49338 are /admin/stats and /admin/vitals on TCP port 8093.
Yes, CVE-2023-49338 allows unauthorized access to critical administrative data because authentication is not required for the affected endpoints.
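A defender-side check for the condition described above, added here as an example (it is not Couchbase or SecAlerts code): it tests whether a version string falls in the affected range and whether the two endpoints answer a credential-free request made from the server host itself. Reading 401/403 as "authentication enforced" and any 2xx as exposure is an assumption, and the function names are illustrative.

```python
import re
import urllib.error
import urllib.request

ENDPOINTS = ("/admin/stats", "/admin/vitals")  # endpoints named in the advisory
FIXED = (7, 2, 4)                              # first fixed release per the advisory


def is_affected_version(version: str) -> bool:
    """True for 7.1.x and for 7.2.x before 7.2.4; a build suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (7, 1, 0) <= tuple(int(p) for p in m.groups()) < FIXED


def classify_status(status: int) -> str:
    """Interpret the HTTP status of a request sent WITHOUT credentials (assumed mapping)."""
    if status in (401, 403):
        return "auth-enforced"
    if 200 <= status < 300:
        return "unauthenticated-access"
    return f"inconclusive-{status}"


def probe(base_url: str, path: str, timeout: float = 3.0) -> str:
    """Send one credential-free GET, bypassing any configured proxy."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(base_url + path, timeout=timeout) as resp:
            return classify_status(resp.status)
    except urllib.error.HTTPError as exc:   # 4xx/5xx responses arrive as exceptions
        return classify_status(exc.code)
    except OSError:                         # refused, timed out, no listener
        return "unreachable"


def audit(base_url: str = "http://127.0.0.1:8093") -> dict:
    """Check both endpoints on the local query port given in the advisory."""
    return {path: probe(base_url, path) for path in ENDPOINTS}


if __name__ == "__main__":
    for path, verdict in audit().items():
        print(f"{path}: {verdict}")
```

Run it on the Couchbase host before and after the upgrade to 7.2.4; a result of `unauthenticated-access` for either path means the endpoint still answers without credentials.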