Grafana · Grafana · CVE-2020-12458
**Name of the Vulnerable Software and Affected Versions**
Grafana versions prior to 7.2.1
Grafana versions through 6.7.3
**Description**
An information-disclosure flaw was found in Grafana. The database directory /var/lib/grafana and the database file /var/lib/grafana/grafana.db are world-readable. This can expose sensitive information, such as cleartext or encrypted datasource passwords.
**Recommendations**
For versions through 6.7.3, consider restricting access to the database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db to prevent exposure of sensitive information.
For versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue.
As a temporary workaround, consider changing the permissions of the database directory and file to prevent world readability until a patch is applied.
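
The workaround above as an added shell example (not part of the original advisory and not Grafana's own tooling): it audits the directory and database file named in the advisory for any permission bits granted to "other" users and removes them, leaving owner and group bits untouched. The function names and the `GRAFANA_DATA` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the Grafana data directory.
# GRAFANA_DATA is a hypothetical override; it defaults to the advisory's path.
GRAFANA_DATA="${GRAFANA_DATA:-/var/lib/grafana}"

# Print the "other" permission triplet (e.g. "r-x") of a path.
# A sticky bit without execute shows as "T"; treat it as no access.
other_bits() {
    ls -ld -- "$1" | cut -c8-10 | tr T -
}

# Return 0 if any "other" permission bit is set on the path.
is_world_accessible() {
    [ "$(other_bits "$1")" != "---" ]
}

# Report on the directory and database file; return 1 if either is exposed.
audit_grafana() {
    dir="$1"; rc=0
    for p in "$dir" "$dir/grafana.db"; do
        [ -e "$p" ] || { echo "MISSING $p"; continue; }
        if is_world_accessible "$p"; then
            echo "EXPOSED $p ($(ls -ld -- "$p" | cut -c1-10))"; rc=1
        else
            echo "OK      $p"
        fi
    done
    return "$rc"
}

# Remove all access for "other" users; owner and group bits are unchanged,
# so the account that runs Grafana keeps whatever access it already had.
harden_grafana() {
    dir="$1"
    chmod o-rwx -- "$dir"
    [ -e "$dir/grafana.db" ] && chmod o-rwx -- "$dir/grafana.db"
    return 0
}

# Usage: sh grafana-perms.sh audit | harden
case "${1:-}" in
    audit)  audit_grafana "$GRAFANA_DATA" ;;
    harden) harden_grafana "$GRAFANA_DATA" && audit_grafana "$GRAFANA_DATA" ;;
esac
```

Run it with `audit` to report only, or with `harden` (as root or the owning user) to strip the world permissions and re-check.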