CVE-2024-7557
- EPSS 0.07%
- Published 12.08.2024 13:38:43
- Last modified 18.09.2024 07:15:04
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, cre...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-3361
- EPSS 0.04%
- Published 04.10.2023 12:15:10
- Last modified 21.11.2024 08:17:05
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated o...
CVE-2023-0923
- EPSS 0.14%
- Published 15.09.2023 21:15:09
- Last modified 21.11.2024 07:38:06
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.