CVE-2024-23302 is a vulnerability identified in Couchbase Server versions before 7.2.4, where private cryptographic keys are inadvertently logged in the goxdcr.log file. The goxdcr.log is associated with the Cross Data Center Replication (XDCR) feature of Couchbase, which facilitates data replication across clusters. The presence of private keys in logs constitutes an information disclosure vulnerability classified under CWE-200 (Exposure of Sensitive Information). This flaw allows an unauthenticated remote attacker to access the log files over the network and extract private keys, which could be used to decrypt sensitive communications or impersonate legitimate services. The vulnerability has a CVSS 3.1 base score of 7.5, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). Although no active exploits have been reported, the risk remains significant due to the sensitive nature of private keys and the ease with which they can be extracted from logs. The vulnerability was publicly disclosed on February 28, 2024, and Couchbase has released version 7.2.4 to address the issue, though no direct patch links were provided in the source data. Organizations using vulnerable versions should consider this a critical information leakage risk, especially in environments where XDCR is enabled and logs are accessible.

The primary impact of CVE-2024-23302 is the compromise of confidentiality through the exposure of private cryptographic keys. Attackers who obtain these keys can decrypt sensitive data transmissions, perform man-in-the-middle attacks, or impersonate legitimate Couchbase nodes or services, potentially leading to further unauthorized access or data breaches. Since the vulnerability does not affect integrity or availability, the direct risk to data modification or service disruption is low. However, the exposure of private keys can have cascading effects, including undermining trust in encrypted communications and enabling subsequent attacks that compromise system integrity or availability. Organizations relying on Couchbase Server for critical data replication and storage may face significant operational and reputational damage if exploited. The ease of exploitation without authentication or user interaction increases the threat level, especially in environments where logs are accessible over the network or insufficiently protected.

1. Upgrade Couchbase Server to version 7.2.4 or later, where the private key leak in goxdcr.log has been addressed. 2. Restrict access to log files, especially goxdcr.log, ensuring that only authorized personnel and systems can read these files. 3. Implement strict network segmentation and firewall rules to limit external access to Couchbase management and log directories. 4. Regularly audit and monitor log files for sensitive information exposure and unusual access patterns. 5. If upgrading immediately is not feasible, consider disabling or limiting XDCR functionality temporarily to reduce exposure. 6. Employ encryption and secure storage for logs where possible, and sanitize logs to remove sensitive information before archival or sharing. 7. Review and enhance overall key management practices, including key rotation and revocation, to mitigate risks from potential key exposure. 8. Conduct security awareness training for administrators on the risks of sensitive data in logs and best practices for log management.