PT-2021-20870 · Unknown · Noobaa-Operator

Hardik Vyas · Published 2021-05-13 · Updated 2022-10-27 · CVE-2021-3528

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: noobaa-operator versions prior to 5.7.0
Description: A flaw was found in noobaa-operator where internal RPC AuthTokens exchanged between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use such an AuthToken to gain additional access to the noobaa deployment and read or modify the system configuration.
Recommendations: For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insertion into Log File

Insufficiently Protected Credentials

Related Identifiers

CVE-2021-3528

Affected Products

Noobaa-Operator