CVE-2019-11465

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 5.5.x through 5.5.3 Couchbase Server version 6.0.0

Description An issue was discovered where the Memcached "connections" stat block command emits a non-redacted username. This resulted in system information submitted to Couchbase as part of a bug report including usernames for all users currently logged into the system, even if the log was redacted for privacy.

Recommendations For Couchbase Server versions 5.5.x through 5.5.3, update to version 5.5.4 to fix the issue. For Couchbase Server version 6.0.0, update to version 6.0.1 to fix the issue.