CVE-2021-43963

EPSS 0.33%
Veröffentlicht 07.12.2021 22:15:07
Zuletzt bearbeitet 21.11.2024 06:30:05
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Couchbase ≫ Sync Gateway Version >= 2.7.0 < 2.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.523

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.couchbase.com/alerts

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43963

EUVD