CVE-2021-3528
CVE-2021-3528 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access to the noobaa deployment and read or modify system configuration. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access to the noobaa deployment and read or modify system configuration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Noobaa-Operator | < 5.7.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1955601 (Issue Tracking, Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
