Couchbase Server - Remote Code Execution

2018-08-24 Thread x ksi
Sender: s3...@pjwstk.edu.pl Subject: Couchbase Server - Remote Code Execution Message-Id: Recipient: lanware.secur...@lanware.co.uk __ This email and any attachments to it may be confidential and are intended solely for the

Couchbase Server - Remote Code Execution

2018-08-23 Thread x ksi
Hey, Description: Couchbase Server [1] exposes a REST API [2] which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the API. The code will be subsequently executed in the underlying operating system with privileges o