CVE-2025-52490
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-06
Assigner: MITRE
Description
Description
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| couchbase | sync_gateway | to 3.2.6 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Couchbase Sync Gateway versions before 3.2.6 where cleartext passwords are exposed in the sgcollect_info_options.log and sync_gateway.log files, both in redacted and unredacted forms.
How can this vulnerability impact me? :
The exposure of cleartext passwords in log files can lead to unauthorized access if an attacker obtains these logs, potentially compromising confidentiality, integrity, and availability of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70