First published: Tue Nov 02 2021
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Couchbase Couchbase Server | =7.0.0 | |
Couchbase Couchbase Server | =7.0.1 | |
CVE-2021-37842 is a vulnerability in Couchbase Server 7.0.0 that allows sensitive information, such as Remote Cluster XDCR credentials, to be stored in cleartext in debug logs.
CVE-2021-37842 affects Couchbase Server versions 7.0.0 and 7.0.1.
The severity of CVE-2021-37842 is high, with a CVSS score of 7.5.
The vulnerability can be exploited by an attacker who is able to access the debug logs of Couchbase Server 7.0.0 and 7.0.1.
Yes, a fix is available for CVE-2021-37842. It is recommended to upgrade to a version of Couchbase Server that is not affected by this vulnerability.