CVE-2021-37842

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 63.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Couchbase Server
Timeline
PublishedNov 2
Latest updateMay 24

Description

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcouchbase/couchbase_server7.0.0, 7.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-8w77-53f9-9p5h: metakv in Couchbase Server 72022-05-24
CVEList
CVE-2021-37842: metakv in Couchbase Server 72021-11-02
CVE-2021-37842 (HIGH CVSS 7.5) | metakv in Couchbase Server 7.0.0 us | cvebase.io