CVE-2023-50437

8.6 HIGH

📋 TL;DR

CVE-2023-50437 exposes the sensitive authentication cookie (otpCookie) to administrators through specific API endpoints in Couchbase Server. An administrator who obtains this cookie could potentially escalate privileges or impersonate other users. It affects Couchbase Server administrators directly, and potentially all users if credentials are compromised.

💻 Affected Systems

Products:
  • Couchbase Server
Versions: All versions before 7.2.4
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to the affected API endpoints.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full administrative takeover of the Couchbase Server cluster, data exfiltration, and complete system compromise.

🟠 Likely Case

Privilege escalation within Couchbase Server, unauthorized access to sensitive data, and potential lateral movement within the database environment.

🟢 If Mitigated

Limited impact if proper access controls, network segmentation, and monitoring are in place to detect unusual administrative activity.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative access to the vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2.4

Vendor Advisory: https://docs.couchbase.com/server/current/release-notes/relnotes.html

Restart Required: Yes

Instructions:

1. Back up Couchbase Server configuration and data.
2. Download and install Couchbase Server 7.2.4 from official sources.
3. Follow the Couchbase upgrade procedures for your deployment.
4. Restart Couchbase Server services.

🔧 Temporary Workarounds

Restrict Administrative Access

Limit access to administrative interfaces and API endpoints to only trusted users and networks.

Network Segmentation

Isolate Couchbase Server management interfaces from general network access.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for administrative activities.
  • Segment Couchbase Server management network and implement firewall rules to restrict access.

🔍 How to Verify

Check if Vulnerable:

Check the Couchbase Server version via the web console or the command line. If the version is below 7.2.4, the system is vulnerable.

Check Version:

couchbase-server --version

Verify Fix Applied:

Confirm Couchbase Server version is 7.2.4 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /pools/default/serverGroups or engageCluster2 endpoints
  • Multiple failed authentication attempts followed by successful administrative access

Network Indicators:

  • Unusual API calls to administrative endpoints from unexpected sources

SIEM Query:

source="couchbase" AND (uri_path="/pools/default/serverGroups" OR uri_path="engageCluster2")
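As an added example (not from this advisory or from Couchbase's own tooling), the log indicators and SIEM query above turned into a small Python checker: it flags successful requests to the two cookie-exposing endpoints from sources outside an allowlist, and the "repeated failures, then administrative success" pattern per client. The log line layout and the sample lines are constructed assumptions; adapt the regex to the access-log format you actually ship to your SIEM.

```python
import re

# Endpoints named in the advisory's detection section.
SENSITIVE_PATHS = {"/pools/default/serverGroups", "/engageCluster2"}

# Assumed line layout (constructed for this example; adapt the regex to the
# access-log format you ship to your SIEM): <ip> <user> <METHOD> <path> <status>
LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

def parse(line):
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_sensitive(path):
    # Compare on the bare path so a query string cannot evade the match.
    return path.split("?", 1)[0] in SENSITIVE_PATHS

def find_untrusted_hits(lines, trusted_ips):
    """Successful (2xx) requests to the cookie-exposing endpoints from IPs outside the allowlist."""
    return [r for r in map(parse, lines)
            if r and is_sensitive(r["path"]) and r["status"][0] == "2"
            and r["ip"] not in trusted_ips]

def find_failures_then_admin(lines, min_failures=3):
    """Per client IP: at least min_failures 401s, then a 2xx on a sensitive endpoint."""
    failures, alerts = {}, []
    for r in filter(None, map(parse, lines)):
        ip = r["ip"]
        if r["status"] == "401":
            failures[ip] = failures.get(ip, 0) + 1
        elif r["status"][0] == "2":
            if is_sensitive(r["path"]) and failures.get(ip, 0) >= min_failures:
                alerts.append((ip, failures[ip], r["user"], r["path"]))
            failures[ip] = 0  # a success closes the failure window
    return alerts

# Constructed sample log: a trusted admin host, one hit from an unexpected
# source, and one source that fails three times before succeeding.
SAMPLE_LOG = [
    "10.0.0.5 Administrator GET /pools/default 200",
    "10.0.0.5 Administrator GET /pools/default/serverGroups 200",
    "203.0.113.9 Administrator POST /engageCluster2 200",
    "198.51.100.7 admin GET /pools/default 401",
    "198.51.100.7 admin GET /pools/default 401",
    "198.51.100.7 Administrator GET /pools/default 401",
    "198.51.100.7 Administrator GET /pools/default/serverGroups?uuid=1 200",
]
```

Run `find_untrusted_hits(SAMPLE_LOG, {"10.0.0.5"})` and `find_failures_then_admin(SAMPLE_LOG)` over your own exported log lines; on the sample, the first returns the two hits from outside the allowlist and the second returns the one client that failed three times before succeeding.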
