1. Home
  2. CVE Database
  3. CVE-2019-11465
MEDIUM · 5.3

CVE-2019-11465

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase a...

Vulnerability Description

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CouchbaseCouchbase Server>= 5.5.0, <= 5.5.3

Related Weaknesses (CWE)

CWE-532

References

FAQ

What is CVE-2019-11465?

CVE-2019-11465 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase a...

How severe is CVE-2019-11465?

CVE-2019-11465 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11465?

Check the references section above for vendor advisories and patch information. Affected products include: Couchbase Couchbase Server.