CVE-2021-25645
CVE-2021-25645 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Couchbase | Couchbase Server | < 6.0.5 |
| Couchbase | Couchbase Server | >= 6.1.0, < 6.5.2 |
| Couchbase | Couchbase Server | >= 6.6.0, < 6.6.1 |
References
- https://www.couchbase.com/downloads (Product, Vendor Advisory)
- https://www.couchbase.com/resources/security#SecurityAlerts (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
