CVE-2023-3361

EPSS 0.04%
Veröffentlicht 04.10.2023 12:15:10
Zuletzt bearbeitet 21.11.2024 08:17:05
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opendatahub ≫ Open Data Hub Dashboard Version < 1.28.1

Redhat ≫ Openshift Data Science Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://access.redhat.com/security/cve/CVE-2023-3361

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2216588

Third Party Advisory

Issue Tracking

https://github.com/opendatahub-io/odh-dashboard/issues/1415

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-3361

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3361

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3361

EUVD