CVE-2023-36667: 
Couchbase vulnerability analysis and mitigation

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. The vulnerability was discovered and disclosed on November 8, 2023, and has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (NVD, Vendor Advisory).

The vulnerability is classified as CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). The issue specifically affects the Windows UI component of Couchbase Server, allowing an attacker to traverse the filesystem and display files that Couchbase has access to. This vulnerability is particularly concerning as it doesn't require any authentication and can be exploited by simply appending folders/files to the Couchbase Server admin UI's URL (Vendor Advisory).

The vulnerability allows unauthorized access to view files on the system that Couchbase Server has access to, potentially exposing sensitive information. The high CVSS score of 7.5 indicates significant potential impact on the confidentiality of the system (NVD).

The vulnerability has been patched in Couchbase Server versions 7.1.5 and 7.2.1. Users running affected versions should upgrade to these patched versions to mitigate the risk (Release Notes, Vendor Advisory).