Vulnerability Details : CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.
Products affected by CVE-2021-37842
- cpe:2.3:a:couchbase:couchbase_server:7.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:couchbase:couchbase_server:7.0.1:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-37842
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-37842
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-37842
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-37842
-
https://www.couchbase.com/alerts
Alerts | CouchbaseVendor Advisory
-
https://docs.couchbase.com/server/current/release-notes/relnotes.html
Release Notes;Vendor Advisory
Jump to