CVE-2021-25645

Name of the Vulnerable Software and Affected Versions Couchbase Server versions prior to 6.0.5 Couchbase Server versions 6.1.x through 6.5.x before 6.5.2 Couchbase Server versions 6.6.x before 6.6.1

Description An issue was discovered in Couchbase Server where an internal user with administrator privileges, @ns server, leaks credentials in cleartext in the cbcollect info.log, debug.log, ns couchdb.log, indexer.log, and stats.log files. Updating the product does not automatically address leaks that occurred in the past.

Recommendations For versions prior to 6.0.5, update to version 6.0.5 or later. For versions 6.1.x through 6.5.x before 6.5.2, update to version 6.5.2 or later. For versions 6.6.x before 6.6.1, update to version 6.6.1 or later. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.