An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-10T16:55:49

Updated: 2024-08-04T22:55:39.999Z

Reserved: 2019-04-22T00:00:00

Link: CVE-2019-11465

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-09-10T17:15:11.453

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-11465

cve-icon Redhat

No data.