CVE-2021-42763: 
Couchbase vulnerability analysis and mitigation

Couchbase Server before 6.6.3 and 7.x before 7.0.2 contains a vulnerability where sensitive information is stored in cleartext. The issue occurs when the cluster manager forwards an HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request contains the '@' user credentials of the node processing the UI request (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network exploitable, requires low attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability exposes sensitive authentication credentials in cleartext, specifically the '@' user credentials of the node processing the UI request. This exposure could potentially allow attackers to gain unauthorized access to the system with elevated privileges (NVD).

The vulnerability has been fixed in Couchbase Server versions 6.6.3 and 7.0.2. Users running affected versions should upgrade to these patched versions or later to mitigate the risk (Vendor Advisory).