CVE-2023-49338

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 7.1.x through 7.2.3

Description The issue concerns the lack of authentication requirement for certain API endpoints. Specifically, the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost do not require authentication. This affects the ability to secure sensitive information.

Recommendations For Couchbase Server versions 7.1.x through 7.2.3, update to version 7.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost until a patch is available.