PT-2021-17674 · Couchbase · Couchbase Server

Published: 2021-05-19 · Updated: 2022-07-12 · CVE-2021-27925

CVSS v3.1: 4.4 Medium

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 6.5.x through 6.6.1
Description: An issue in Couchbase Server can cause a crash condition when using the View Engine and Auditing is enabled. Depending on a race condition, this can lead to the credentials of an internal user with administrator privileges, @ns_server, being leaked in cleartext in the ns_server.info.log file.
Recommendations: For Couchbase Server versions 6.5.x through 6.6.1, consider disabling the View Engine or Auditing to minimize the risk of credentials being leaked until a patch is available. Restrict access to the ns_server.info.log file to prevent unauthorized users from obtaining the leaked credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2021-27925

Affected Products

Couchbase Server