HIGH🇵🇱 Wersja polska

CVE-2023-3361

CVSS 7.7v3.1pub. 2023-10-04upd. 2024-11-21

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Opendatahub Open Data Hub Dashboard

    APP
    Opendatahub
    < 1.28.1
  • Red Hat Openshift Data Science

    APP
    Redhat
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2024-7557HIGH8.8ten sam produkt

A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation acros...

CVE-2023-0923HIGH8.8ten sam produkt

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other n...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam vendor

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam vendor

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...