CVE-2021-42763

Published: Nov 2, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.couchbase.com/server/current/release-notes/relnotes.html

x_refsource_MISC

https://www.couchbase.com/alerts

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-42763

Description

Affected Products

References