Authentication Information Leakage in Couchbase Server REST API

Authentication Information Leakage in Couchbase Server REST API

CVE-2021-25644 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.

Learn more about our Cis Benchmark Audit For Server Software.