PT-2019-12325 · Danga Interactive+1 · Memcached+1

Published

2019-09-10

Updated

2021-07-21

CVE-2019-11465

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 5.5.x through 5.5.3 Couchbase Server version 6.0.0

Description An issue was discovered where the Memcached "connections" stat block command emits a non-redacted username. This resulted in system information submitted to Couchbase as part of a bug report including usernames for all users currently logged into the system, even if the log was redacted for privacy.

Recommendations For Couchbase Server versions 5.5.x through 5.5.3, update to version 5.5.4 to fix the issue. For Couchbase Server version 6.0.0, update to version 6.0.1 to fix the issue.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2019-11465

Affected Products

Couchbase Server

Memcached

PT-2019-12325 · Danga Interactive+1 · Memcached+1

CVE-2019-11465

Weakness Enumeration

Related Identifiers

Affected Products

References · 3