An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.couchbase.com/resources/security#SecurityAlerts |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-26T20:09:11
Updated: 2024-08-03T20:11:27.533Z
Reserved: 2021-01-21T00:00:00
Link: CVE-2021-25643
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-26T21:15:08.273
Modified: 2024-11-21T05:55:11.947
Link: CVE-2021-25643
Redhat
No data.