Critical severity9.8NVD Advisory· Published Feb 22, 2020· Updated Jun 17, 2026
CVE-2020-9039
CVE-2020-9039
Description
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
Affected products
2- Couchbase/Serverdescription
- Range: 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1
Patches
Vulnerability mechanics
References
1- www.couchbase.com/resources/securitynvdVendor Advisory
News mentions
0No linked articles in our index yet.