9.8

CVE-2020-9039

EPSS 0.39%
Veröffentlicht 22.02.2020 02:15:10
Zuletzt bearbeitet 21.11.2024 05:39:52
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Couchbase ≫ Couchbase Server Version >= 4.6.0 <= 4.6.5

Couchbase ≫ Couchbase Server Version4.0.0

Couchbase ≫ Couchbase Server Version4.1.0

Couchbase ≫ Couchbase Server Version4.1.1

Couchbase ≫ Couchbase Server Version4.5.0

Couchbase ≫ Couchbase Server Version4.5.1

Couchbase ≫ Couchbase Server Version5.0.0

Couchbase ≫ Couchbase Server Version5.1.1

Couchbase ≫ Couchbase Server Version5.5.0

Couchbase ≫ Couchbase Server Version5.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.592

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.couchbase.com/resources/security#SecurityAlerts

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-9039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9039

EUVD