4 matches found
CVE-2025-8766
CVE-2025-8766 affects Noobaa-core container images (Multi-Cloud Object Gateway Core). The root cause is that /etc/passwd is created with group-writable permissions during build, allowing a non-root attacker with membership in the root group to modify /etc/passwd and create a user with any UID (in...
CVE-2025-8766 Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
nooba -core ่ทจ็ซ่ๆฌๆผๆด
noobaa-core is the application that provides an S3 object storage interface with flexible tiering, mirroring, and distributed placement policies for any storage resource that allows GET/PUT, including S3, GCS, Azure Blob File System, and more. A cross-site scripting vulnerability exists in...
PT-2021-20870 ยท Unknown ยท Noobaa-Operator
Name of the Vulnerable Software and Affected Versions: noobaa-operator versions prior to 5.7.0 Description: A flaw was found in noobaa-operator where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could u...