CVE-2021-37842

Published: Nov 2, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

Affected (2)

Products: Couchbase: Couchbase Server

1 product

Couchbase Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Couchbase Couchbase Server	Version 7.0.0
Couchbase Couchbase Server	Version 7.0.1

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.couchbase.com/alerts

Source: cve@mitre.org

Vendor Advisory

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.couchbase.com/alerts

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.