CVE-2025-8766 Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

CVE-2025-8766 Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container

A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

CVE-2025-8766

CVE-2025-8766 affects Noobaa-core container images (Multi-Cloud Object Gateway Core). The root cause is that /etc/passwd is created with group-writable permissions during build, allowing a non-root attacker with membership in the root group to modify /etc/passwd and create a user with any UID (in...

EUVD-2021-26845

Malware in sbrugna...

noobaa-core cross-site scripting vulnerability

noobaa-core is the application that provides an S3 object storage interface with flexible tiering, mirroring, and distributed placement policies for any storage resource that allows GET/PUT, including S3, GCS, Azure Blob File System, and more. A cross-site scripting vulnerability exists in...

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

Hardcoded credentials

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

CVE-2021-3529

CVE-2021-3529 affects noobaa-core prior to 5.7.0. The vulnerability stems from unmodified echoing of an arbitrarily named URL into HTML, allowing inline arbitrary JavaScript to be injected via the application response (cross‑site scripting risk). Affected component: noobaa-core; description consi...

nooba -core 跨站脚本漏洞

noobaa-core is the application that provides an S3 object storage interface with flexible tiering, mirroring, and distributed placement policies for any storage resource that allows GET/PUT, including S3, GCS, Azure Blob File System, and more. A cross-site scripting vulnerability exists in...

PT-2021-20870 · Unknown · Noobaa-Operator

Name of the Vulnerable Software and Affected Versions: noobaa-operator versions prior to 5.7.0 Description: A flaw was found in noobaa-operator where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could u...

CVE-2021-3529

A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an...