An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.couchbase.com/resources/security#SecurityAlerts |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-10T16:55:49
Updated: 2024-08-04T22:55:39.999Z
Reserved: 2019-04-22T00:00:00
Link: CVE-2019-11465
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-09-10T17:15:11.453
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-11465
Redhat
No data.