ID CVE-2019-11465
Summary An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
References
Vulnerable Configurations
  • cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:couchbase:couchbase_server:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:couchbase:couchbase_server:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-09-2019 - 18:20)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 13-09-2019 - 18:20
Published 10-09-2019 - 17:15
Back to Top