CVE-2021-43963Sensitive Information Exposure in Sync Gateway

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 53.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Sync Gateway
Timeline
PublishedDec 7
Latest updateDec 8

Description

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sy

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDcouchbase/sync_gateway2.7.02.8.3

🔴Vulnerability Details

2
GHSA
GHSA-v978-p5g5-3r76: An issue was discovered in Couchbase Sync Gateway 22021-12-08
CVEList
CVE-2021-43963: An issue was discovered in Couchbase Sync Gateway 22021-12-07
CVE-2021-43963 — Sensitive Information Exposure | cvebase