couchbase-buckets-api: Couchbase Buckets Unauthenticated REST API - Detect

日期: 2025-08-01 | 影响软件: couchbase buckets | POC: 已公开

漏洞描述

Couchbase Buckets REST API without authentication was detected.

PoC代码[已公开]

id: couchbase-buckets-api

info:
  name: Couchbase Buckets Unauthenticated REST API - Detect
  author: geeknik
  severity: medium
  description: Couchbase Buckets REST API without authentication was detected.
  reference:
    - https://docs.couchbase.com/server/current/rest-api/rest-bucket-intro.html
    - https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-metricset-couchbase-bucket.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: exposure,couchbase,discovery

http:
  - method: GET
    path:
      - "{{BaseURL}}/pools/default/buckets"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '"couchbase":'
          - '"bucket":'
          - '"data":'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'
# digest: 4a0a00473045022100d557cd70886daff1b7f89dd4a20fa35ae77b8a2ee03d362b885bd9e62c92211a0220045f5b50d06fd202442f74a46ccb19f99e226c18a194ab5afb85ff7f024eb74e:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposures/apis/couchbase-buckets-api.yaml