Lucene search

K
osvGoogleOSV:CVE-2021-3528
HistoryMay 13, 2021 - 3:15 p.m.

CVE-2021-3528

2021-05-1315:15:07
Google
osv.dev
8
noobaa
operator
authtokens
log files
access
configuration

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

37.0%

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

37.0%

Related for OSV:CVE-2021-3528