CVE-2019-11466

EUVD-2019-3139
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
couchbasecouchbase_server
5.5.0
couchbasecouchbase_server
6.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.couchbase.com/resources/security#SecurityAlerts
https://www.couchbase.com/resources/security#SecurityAlerts