An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.
2021-05-19T19:15:08.387
2024-11-21T05:58:50.057
Modified
CVSSv3.1: 4.4 (MEDIUM)
AV:N/AC:M/Au:S/C:P/I:N/A:N
6.8
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | couchbase | couchbase_server | < 6.6.2 | Yes |