CVE-2021-42763
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.
Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena información confidencial en texto sin cifrar. El problema se produce cuando el administrador de clústeres reenvía una petición HTTP desde la UI pluggable (query workbench, etc.) al servicio específico. En el backtrace, el Basic Auth Header incluido en la petición HTTP, presenta las credenciales de usuario "@" del nodo que procesa la petición de UI
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-20 CVE Reserved
- 2021-11-02 CVE Published
- 2024-07-18 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.couchbase.com/server/current/release-notes/relnotes.html | 2021-11-08 | |
https://www.couchbase.com/alerts | 2021-11-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Couchbase Search vendor "Couchbase" | Couchbase Server Search vendor "Couchbase" for product "Couchbase Server" | < 4.6.0 Search vendor "Couchbase" for product "Couchbase Server" and version " < 4.6.0" | - |
Affected
| ||||||
Couchbase Search vendor "Couchbase" | Couchbase Server Search vendor "Couchbase" for product "Couchbase Server" | >= 5.0.0 < 6.1.0 Search vendor "Couchbase" for product "Couchbase Server" and version " >= 5.0.0 < 6.1.0" | - |
Affected
| ||||||
Couchbase Search vendor "Couchbase" | Couchbase Server Search vendor "Couchbase" for product "Couchbase Server" | >= 6.5.0 <= 6.6.2 Search vendor "Couchbase" for product "Couchbase Server" and version " >= 6.5.0 <= 6.6.2" | - |
Affected
| ||||||
Couchbase Search vendor "Couchbase" | Couchbase Server Search vendor "Couchbase" for product "Couchbase Server" | 7.0.0 Search vendor "Couchbase" for product "Couchbase Server" and version "7.0.0" | - |
Affected
| ||||||
Couchbase Search vendor "Couchbase" | Couchbase Server Search vendor "Couchbase" for product "Couchbase Server" | 7.0.1 Search vendor "Couchbase" for product "Couchbase Server" and version "7.0.1" | - |
Affected
|