CVE-2021-27925: Race Condition
First published: Wed May 19 2021(Updated: )
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Couchbase Couchbase Server | >=6.5.0<6.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-27925.
What is the severity of CVE-2021-27925?
The severity of CVE-2021-27925 is medium, with a severity value of 4.4.
Which versions of Couchbase Server are affected by CVE-2021-27925?
Couchbase Server versions 6.5.x and 6.6.x through 6.6.1 are affected by CVE-2021-27925.
How does CVE-2021-27925 impact Couchbase Server?
CVE-2021-27925 can cause a crash condition in Couchbase Server when using the View Engine and Auditing is enabled, potentially leaking the credentials of the internal user @ns_server in clear text.
How can I fix CVE-2021-27925?
To fix CVE-2021-27925, it is recommended to upgrade to Couchbase Server version 6.6.2 or later.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/couchbase
- canonical/couchbase couchbase server
- version/couchbase couchbase server/6.5.0