CVE-2022-26311

EUVD-2022-30872
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
couchbasecloud_native_operator
2.2.0 ≤
𝑥
< 2.2.3
𝑥
= Vulnerable software versions
References
https://docs.couchbase.com/operator/current/overview.html
https://www.couchbase.com/alerts
https://docs.couchbase.com/operator/current/overview.html
https://www.couchbase.com/alerts