exploitDog

CVE-2021-37842

Опубликовано: 02 нояб. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

Ссылки

https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes
Vendor Advisory
https://www.couchbase.com/alerts
Vendor Advisory
https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes
Vendor Advisory
https://www.couchbase.com/alerts
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:couchbase:couchbase_server:7.0.0:-:*:*:*:*:*:*

cpe:2.3:a:couchbase:couchbase_server:7.0.1:-:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00162

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-8w77-53f9-9p5h

github

больше 3 лет назад

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

EPSS

Процентиль: 37%

0.00162

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312