7.5

CVE-2021-37842

EPSS 0.16%
Published 02.11.2021 12:15:07
Last modified 21.11.2024 06:15:57
Source cve@mitre.org
Teams watchlist Login
Open Login

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Couchbase ≫ Couchbase Server Version7.0.0 Update-

Couchbase ≫ Couchbase Server Version7.0.1 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.337

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Vendor Advisory

Release Notes

https://www.couchbase.com/alerts

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37842

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37842

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37842

EUVD