Sender: s3...@pjwstk.edu.pl
Subject: Couchbase Server - Remote Code Execution
Message-Id:
Recipient: lanware.secur...@lanware.co.uk
__
This email and any attachments to it may be confidential and are intended
solely for the
Hey,
Description:
Couchbase Server [1] exposes a REST API [2], which by default is
available on TCP/8091 and/or TCP/18091.
Authenticated users can send arbitrary Erlang code to the 'diag/eval'
endpoint of the API. The code will be subsequently executed in the
underlying operating system with privileges o