The host is installed with Couchbase Server 6.6.x before 7.1.4 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly handle issues in FTS stats endpoint at /api/nsstats. Successful exploitation could allow attackers to view the names of Couchbase Server buckets, the names of FTS indexes and configuration of FTS indexes without authentication.