CVE-2019-11465

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*
cpe:2.3:a:couchbase:couchbase_server:6.0.0:*:*:*:*:*:*:*

Information

Published : 2019-09-10 10:15

Updated : 2021-07-21 04:39


NVD link : CVE-2019-11465

Mitre link : CVE-2019-11465


JSON object : View

CWE
CWE-532

Insertion of Sensitive Information into Log File

Advertisement

dedicated server usa

Products Affected

couchbase

  • couchbase_server