CVE-2023-50436

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 71.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Couchbase Couchbase Server

Timeline

PublishedFeb 29

Description

An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

▶NVDcouchbase/couchbase_server7.1.5 — 7.2.4

🔴Vulnerability Details

GHSA

GHSA-qp9m-27hg-v883: An issue was discovered in Couchbase Server before 7↗2024-02-29

▶

CVEList

CVE-2023-50436: An issue was discovered in Couchbase Server before 7↗2024-02-28

▶