CVE-2021-3528

HIGH Year: 2021
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.

Related Vulnerabilities

CVE-2016-9593

HIGH
CVSS:8.8(High)

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those s...

CWE-5222016

CVE-2017-15656

HIGH
CVSS:8.8(High)

Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

CWE-5222017

CVE-2017-7547

HIGH
CVSS:8.8(High)

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by ...

CWE-5222017

CVE-2018-1000610

HIGH
CVSS:8.8(High)

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionCo...

CWE-5222018

CVE-2018-10286

HIGH
CVSS:8.8(High)

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certai...

CWE-5222018

CVE-2018-4190

HIGH
CVSS:8.8(High)

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected....

CWE-5222018