admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-427xx/CVE-2021-42763.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

137 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-42763",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-11-02T12:15:07.837",
"lastModified": "2021-11-08T14:59:21.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the \"@\" user credentials of the node processing the UI request."
},
{
"lang": "es",
"value": "Couchbase Server versiones anteriores a 6.6.3 y 7.x anteriores a 7.0.2, almacena informaci\u00f3n confidencial en texto sin cifrar. El problema se produce cuando el administrador de cl\u00fasteres reenv\u00eda una petici\u00f3n HTTP desde la UI pluggable (query workbench, etc.) al servicio espec\u00edfico. En el backtrace, el Basic Auth Header incluido en la petici\u00f3n HTTP, presenta las credenciales de usuario \"@\" del nodo que procesa la petici\u00f3n de UI"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.0",
"matchCriteriaId": "822D5705-403C-42B6-A7F4-F1B96DCDA2F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "6.1.0",
"matchCriteriaId": "3178055C-9670-4D79-932A-07F139F5F922"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0",
"versionEndIncluding": "6.6.2",
"matchCriteriaId": "D7C23D79-2B15-45A5-B5FB-DB0354A108D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "467A5F09-0E97-4BA8-933A-14F819D127A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBFEB5B-7BF8-456B-84A2-8A8656470F6A"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.couchbase.com/alerts",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink