CVE-2021-25643
First published: Wed May 26 2021(Updated: )
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Couchbase Couchbase Server | >=5.0.0<6.5.2 | |
| Couchbase Couchbase Server | >=6.6.0<6.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-25643?
CVE-2021-25643 is a vulnerability in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2 that allows internal users with administrator privileges to leak credentials in cleartext in the indexer.log file.
How severe is CVE-2021-25643?
CVE-2021-25643 has a severity rating of 4.9, which is considered medium.
How does CVE-2021-25643 affect Couchbase Server?
CVE-2021-25643 affects Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2.
What is the fix for CVE-2021-25643?
To fix CVE-2021-25643, upgrade to Couchbase Server version 6.5.2 or 6.6.2.
Where can I find more information about CVE-2021-25643?
More information about CVE-2021-25643 can be found at the following link: [Couchbase Security Alerts](https://www.couchbase.com/resources/security#SecurityAlerts)
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/couchbase
- canonical/couchbase couchbase server
- version/couchbase couchbase server/5.0.0
- version/couchbase couchbase server/6.6.0