As part of our commitment to providing world class Enterprise Software and Support for our customers, at Couchbase we're dedicated to ensuring that you can maintain a secure deployment at all times. In addition to our public facing pages on Security, this article documents all recent security alerts which you may wish to take action on and plan to upgrade to mitigate. This table contains all recent entries from the full list maintained on our Security Alerts page.
Full Text Search (FTS) nsstats endpoint is accessible without authentication.
The FTS stats endpoint at /api/nsstats does not implement correct authentication, so it is possible to view the names of Couchbase Server buckets, the names of FTS indexes and configuration of FTS indexes without authentication. The contents of the buckets and indexes are not exposed.