CVE-2019-11465
Last modified
CVE-2019-11465 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. EPSS estimates a 1.17% chance of exploitation in the next 30 days.
Description
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Couchbase | Couchbase Server | >= 5.5.0, <= 5.5.3 |
| Couchbase | Couchbase Server | 6.0.0 |
References
- https://www.couchbase.com/resources/security#SecurityAlertsVendor Advisory
- https://www.couchbase.com/resources/security#SecurityAlertsVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11465?
How severe is CVE-2019-11465?
How do I fix CVE-2019-11465?
Are you affected by CVE-2019-11465?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST