CVE-2023-49930

CRITICAL

Couchbase Server 7.1.5-7.2.3 - Improper Access Control via /diag/eval cURL Calls

Title source: llm

An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.

Core 3

Core References

Release Notes

Issue Tracking

Vendor Advisory

CVSS v3 9.8

EPSS 0.0090

EPSS Percentile 55.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-284

Status published

Products (1)

couchbase/couchbase_server 7.1.5 - 7.2.4

Published Feb 29, 2024

Tracked Since Feb 18, 2026