CVE-2021-25644

Published: May 19, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.

Affected (2)

Products: Couchbase: Couchbase Server

1 product

Couchbase Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Couchbase Couchbase Server	From 5.0.0 to 6.6.1
Couchbase Couchbase Server	Version 7.0.0 beta

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://www.couchbase.com/downloads

Source: cve@mitre.org

ProductVendor Advisory

https://www.couchbase.com/resources/security#SecurityAlerts

Source: cve@mitre.org

Vendor Advisory

https://www.couchbase.com/downloads

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://www.couchbase.com/resources/security#SecurityAlerts

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.