PT-2021-16721 · Couchbase · Couchbase Server

Published: 2021-05-26 · Updated: 2021-09-09 · CVE-2021-25643

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Couchbase Server versions 5.x through 6.5.1
Couchbase Server versions 6.6.x through 6.6.1

Description

An issue was discovered where internal users with administrator privileges, such as @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file. This occurs when these users make a call to certain API endpoints, including "/listCreateTokens", "/listRebalanceTokens", or "/listMetadataTokens".

Recommendations

For Couchbase Server versions 5.x through 6.5.1, update to version 6.5.2 or later.
For Couchbase Server versions 6.6.x through 6.6.1, update to version 6.6.2 or later.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2021-25643

Affected Products

Couchbase Server