CVE-2019-11465Log File Information Exposure in Server

CWE-532Log File Information ExposureCWE-203Observable Discrepancy3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 47.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Server
Timeline
PublishedSep 10
Latest updateMay 24

Description

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDcouchbase/couchbase_server5.5.05.5.3+1

🔴Vulnerability Details

2
GHSA
GHSA-3499-h62c-hg29: An issue was discovered in Couchbase Server 52022-05-24
CVEList
CVE-2019-11465: An issue was discovered in Couchbase Server 52019-09-10
CVE-2019-11465 — Log File Information Exposure | cvebase