Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

Published

2021-11-02T12:15:07.773

Last Modified

2024-11-21T06:15:57.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-312

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	couchbase	couchbase_server	7.0.0	Yes
Application	couchbase	couchbase_server	7.0.1	Yes

References

https://docs.couchbase.com/server/current/release-notes/relnotes.html Release Notes, Vendor Advisory ([email protected])
https://www.couchbase.com/alerts Vendor Advisory ([email protected])
https://docs.couchbase.com/server/current/release-notes/relnotes.html Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.couchbase.com/alerts Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)