CVE-2021-25643

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
References
Configurations

Configuration 1

cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*

Information

Published : 2021-05-26 09:15

Updated : 2021-09-09 01:31


NVD link : CVE-2021-25643

Mitre link : CVE-2021-25643

Products Affected
No products.
CWE
CWE-319

Cleartext Transmission of Sensitive Information