CVE-2021-27925 - OpenCVE

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Couchbase	Couchbase Server

Configuration 1 [-]

cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.couchbase.com/downloads
https://www.couchbase.com/resources/security#SecurityAlerts

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-19T18:57:30

Updated: 2024-08-03T21:33:17.053Z

Reserved: 2021-03-03T00:00:00

Link: CVE-2021-27925

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-19T19:15:08.387

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-27925

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-19T18:57:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}, {"tags": ["x_refsource_MISC"], "url": "https://www.couchbase.com/downloads"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27925", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.couchbase.com/resources/security#SecurityAlerts", "refsource": "MISC", "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}, {"name": "https://www.couchbase.com/downloads", "refsource": "MISC", "url": "https://www.couchbase.com/downloads"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:17.053Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.couchbase.com/downloads"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27925", "datePublished": "2021-05-19T18:57:30", "dateReserved": "2021-03-03T00:00:00", "dateUpdated": "2024-08-03T21:33:17.053Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EF3DAA2-BF57-412A-84CC-B56172426027", "versionEndExcluding": "6.6.2", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Couchbase Server versiones 6.5.x y versiones 6.6.x hasta 6.6.1. Cuando est\u00e1 habilitado el uso de View Engine y Auditing, una condici\u00f3n de bloqueo puede (dependiendo de una condici\u00f3n de carrera) causar a un usuario interno con privilegios de administrador, @ns_server, tener sus credenciales filtradas en texto sin cifrar en el archivo ns_server.info.log"}], "id": "CVE-2021-27925", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-19T19:15:08.387", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.couchbase.com/downloads"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}