An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
References
Link | Resource |
---|---|
https://docs.couchbase.com/server/current/release-notes/relnotes.html | Release Notes Vendor Advisory |
https://forums.couchbase.com/tags/security | Vendor Advisory |
https://www.couchbase.com/alerts | Vendor Advisory |
Configurations
History
18 Jul 2022, 19:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-532 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:* | |
References | (MISC) https://docs.couchbase.com/server/current/release-notes/relnotes.html - Release Notes, Vendor Advisory | |
References | (MISC) https://www.couchbase.com/alerts - Vendor Advisory | |
References | (MISC) https://forums.couchbase.com/tags/security - Vendor Advisory |
12 Jul 2022, 14:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-12 14:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-33911
Mitre link : CVE-2022-33911
CVE.ORG link : CVE-2022-33911
JSON object : View
Products Affected
couchbase
- couchbase_server
CWE
CWE-532
Insertion of Sensitive Information into Log File