CVE-2019-11466

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
couchbasecouchbase_server
5.5.0
couchbasecouchbase_server
6.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.couchbase.com/resources/security#SecurityAlerts
https://www.couchbase.com/resources/security#SecurityAlerts