First published: Wed May 19 2021(Updated: )
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Couchbase Couchbase Server | >=5.0.0<=6.6.1 | |
Couchbase Couchbase Server | =7.0.0-beta |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-25644.
The severity of CVE-2021-25644 is high with a score of 7.5.
Couchbase Server 5.x, 6.x (up to 6.6.1), and 7.0.0 Beta are affected by CVE-2021-25644.
Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.
Upgrade to a version of Couchbase Server that is not affected by CVE-2021-25644 and follow the recommendations provided by Couchbase.