CVE-2021-3528

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3528
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3528.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3528
Published
2021-05-13T15:15:07Z
Modified
2024-09-03T03:51:12.666612Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.

References

Affected packages

Git / github.com/noobaa/noobaa-operator

Affected ranges

Type
GIT
Repo
https://github.com/noobaa/noobaa-operator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.2.0

v2.*

v2.0.0
v2.0.1
v2.0.1-rc.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5