VDB
CVE-2021-3528
CVE-2021-3528
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.
EPSS 0.33% · 56.3th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
0.33%
56.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | NooBaa | noobaa-operator 5.7.0 |
| redhat | noobaa-operator | 0 |
Exploit Intelligence
Timeline
- May 13, 2021 CVE Published
- May 14, 2021 EPSS Score
- Jul 17, 2021 EPSS Score
- Sep 16, 2021 EPSS Score
- Nov 17, 2021 EPSS Score
- Jan 18, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 20, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 21, 2022 EPSS Score
- Jul 23, 2022 EPSS Score
- Sep 23, 2022 EPSS Score