Vulnerability Description
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external access to this REST endpoint has been blocked to mitigate this issue. This issue has been fixed in versions 2.5.0 and 2.1.3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Couchbase | Sync Gateway | 2.1.2 |
Related Weaknesses (CWE)
References
- https://docs.couchbase.com/sync-gateway/2.5/release-notes.htmlRelease NotesVendor Advisory
- https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gatewaExploitThird Party Advisory
- https://www.couchbase.com/resources/security#SecurityAlerts
- https://docs.couchbase.com/sync-gateway/2.5/release-notes.htmlRelease NotesVendor Advisory
- https://research.hisolutions.com/2019/06/n1ql-injection-in-couchbase-sync-gatewaExploitThird Party Advisory
- https://www.couchbase.com/resources/security#SecurityAlerts
FAQ
What is CVE-2019-9039?
CVE-2019-9039 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions ...
How severe is CVE-2019-9039?
CVE-2019-9039 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-9039?
Check the references section above for vendor advisories and patch information. Affected products include: Couchbase Sync Gateway.