CVE-2021-27924: Cleartext Transmission of Sensitive Info in Server

Severity
5.9 MEDIUM (NVD)
EPSS
0.2%
top 62.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 19
Latest update: May 24

Description

An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 1 package

NVD | couchbase/couchbase_server | 6.0.0 | 6.6.2

Vulnerability Details (2)

GHSA
GHSA-gxpm-63fr-38v5: An issue was discovered in Couchbase Server 6 (2022-05-24)
CVEList
CVE-2021-27924: An issue was discovered in Couchbase Server 6 (2021-05-19)
CVE-2021-27924 — Couchbase Server vulnerability | cvebase