Approved changes feed: RSS · Atom

cpe:2.3:a:couchbase:couchbase_server:4.1.0:*:*:*:*:*:*:*

part: a version: 4.1.0 update: *

VendorCouchbase (75b35c19-6384-575a-856c-d68a8fd3e277)
ProductCouchbase Server (e100c321-0f35-5f96-a81f-506999d89dd6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/couchbase/manifest purl2cpe 2026-06-01 10:17:18.433687
pkg:github/membase/manifest purl2cpe 2026-06-01 10:17:18.433688

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-9039 vulnerable 2026-06-08 05:27:20.300207 Details available
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
Published: 2020-02-22T01:30:33.000Z
Updated: 2024-08-04T10:19:19.501Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.