A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2021-05-13T14:30:07
Updated: 2024-08-03T17:01:07.389Z
Reserved: 2021-04-30T00:00:00
Link: CVE-2021-3528
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-13T15:15:07.697
Modified: 2024-11-21T06:21:46.190
Link: CVE-2021-3528
Redhat