Couchbase Server 7.0.0 Cleartext Storage Vulnerability: Remote Cluster XDCR Credentials Leakage in Debug Logs

Couchbase Server 7.0.0 Cleartext Storage Vulnerability: Remote Cluster XDCR Credentials Leakage in Debug Logs

CVE-2021-37842 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.

Learn more about our Cis Benchmark Audit For Server Software.