CVE-2023-3361

EPSS 0.04%
Published 04.10.2023 12:15:10
Last modified 21.11.2024 08:17:05
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

Affected products Warnungen 0 Metrics 3 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Opendatahub ≫ Open Data Hub Dashboard Version < 1.28.1

Redhat ≫ Openshift Data Science Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://access.redhat.com/security/cve/CVE-2023-3361

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2216588

Third Party Advisory

Issue Tracking

https://github.com/opendatahub-io/odh-dashboard/issues/1415

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-3361

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3361

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3361

EUVD