CVE-2024-7557
- EPSS 0.07%
- Veröffentlicht 12.08.2024 13:38:43
- Zuletzt bearbeitet 18.09.2024 07:15:04
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, cre...
CVE-2023-44487
- EPSS 94.44%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-3361
- EPSS 0.04%
- Veröffentlicht 04.10.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:17:05
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated o...
CVE-2023-0923
- EPSS 0.14%
- Veröffentlicht 15.09.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 07:38:06
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.