CVE-2023-49931

CRITICAL

Couchbase Server 5.0.0-7.2.3 - Improper Access Control via /diag/eval cURL Calls

Title source: llm

An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.

Core 3

Core References

Release Notes

Issue Tracking, Product

Vendor Advisory

CVSS v3 9.8

EPSS 0.0091

EPSS Percentile 55.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

CWE

CWE-284

Status published

Products (1)

couchbase/couchbase_server 5.0.0 - 7.2.4

Published Feb 29, 2024

Tracked Since Feb 18, 2026