CVE-2022-33911
First published: Mon Jul 11 2022(Updated: )
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Couchbase Couchbase Server | >=6.5.0<7.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-33911?
CVE-2022-33911 is a vulnerability discovered in Couchbase Server 7.x before 7.0.4 where field names are not redacted in logged validation messages for Analytics Service, allowing unauthorized actors to obtain sensitive information.
What is the severity of CVE-2022-33911?
The severity of CVE-2022-33911 is medium, with a CVSSv3 score of 5.3.
How can an unauthorized actor exploit CVE-2022-33911?
An unauthorized actor can exploit CVE-2022-33911 by accessing the logged validation messages for Analytics Service and obtaining sensitive information.
Which version of Couchbase Server is affected by CVE-2022-33911?
Couchbase Server versions between 6.5.0 and 7.0.4 are affected by CVE-2022-33911.
How can I fix CVE-2022-33911?
To fix CVE-2022-33911, it is recommended to upgrade to Couchbase Server version 7.0.4 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/couchbase
- canonical/couchbase couchbase server
- version/couchbase couchbase server/6.5.0