HIGH🇬🇧 English

CVE-2023-3361

CVSS 7.7v3.1pub. 2023-10-04upd. 2024-11-21

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Opendatahub Open Data Hub Dashboard

    APP
    Opendatahub
    < 1.28.1
  • Red Hat Openshift Data Science

    APP
    Redhat
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2024-7557HIGH8.8ten sam produkt

A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation acros...

CVE-2023-0923HIGH8.8ten sam produkt

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other n...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam vendor

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam vendor

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...