CVE-2020-9039 PoC — Couchbase Server 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-9039.yaml

Associated Vulnerability

Title:Couchbase Server 安全漏洞 (CVE-2020-9039)
Description:Couchbase Server是美国Couchbase公司的一款分布式的开源NoSQL（非关系型）数据库，它主要支持数据查询、全文检索和主动全局复制等功能。 Couchbase Server中存在安全漏洞。攻击者可利用该漏洞获取访问权限。以下产品及版本受到影响：4.0.0版本，4.1.0版本，4.1.1版本，4.5.0版本，4.5.1版本，4.6.0版本至4.6.5版本，5.0.0版本，5.1.1版本，5.5.0版本，5.5.1版本。

Description

Couchbase Server versions 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0-4.6.5, 5.0.0, 5.1.1, 5.5.0, and 5.5.1 contain insecure permissions for the projector and indexer REST endpoints caused by unauthenticated access, letting attackers access administrative APIs without authentication, exploit requires no special conditions.

File Snapshot


 id: CVE-2020-9039
info:
  name: Couchbase Server - Broken Access Control
  author: pussycat0x
  seve

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!