Overview
- Description
- metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-312
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "467A5F09-0E97-4BA8-933A-14F819D127A7"
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "930EF10B-3A95-4583-8DE1-84434C62A2E2"
}
],
"operator": "OR"
}
]
}
]