Vulnerability Details CVE-2021-25643
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2021-25643
-
cpe:2.3:a:couchbase:couchbase_server:5.0.0
-
cpe:2.3:a:couchbase:couchbase_server:5.0.1
-
cpe:2.3:a:couchbase:couchbase_server:5.1.0
-
cpe:2.3:a:couchbase:couchbase_server:5.1.1
-
cpe:2.3:a:couchbase:couchbase_server:5.1.2
-
cpe:2.3:a:couchbase:couchbase_server:5.1.3
-
cpe:2.3:a:couchbase:couchbase_server:5.5.0
-
cpe:2.3:a:couchbase:couchbase_server:5.5.1
-
cpe:2.3:a:couchbase:couchbase_server:5.5.2
-
cpe:2.3:a:couchbase:couchbase_server:5.5.3
-
cpe:2.3:a:couchbase:couchbase_server:5.5.4
-
cpe:2.3:a:couchbase:couchbase_server:5.5.5
-
cpe:2.3:a:couchbase:couchbase_server:5.5.6
-
cpe:2.3:a:couchbase:couchbase_server:6.0
-
cpe:2.3:a:couchbase:couchbase_server:6.0.0
-
cpe:2.3:a:couchbase:couchbase_server:6.0.1
-
cpe:2.3:a:couchbase:couchbase_server:6.0.2
-
cpe:2.3:a:couchbase:couchbase_server:6.0.3
-
cpe:2.3:a:couchbase:couchbase_server:6.0.4
-
cpe:2.3:a:couchbase:couchbase_server:6.0.5
-
cpe:2.3:a:couchbase:couchbase_server:6.5.0
-
cpe:2.3:a:couchbase:couchbase_server:6.5.1
-
cpe:2.3:a:couchbase:couchbase_server:6.6.0
-
cpe:2.3:a:couchbase:couchbase_server:6.6.1