Vulnerability Monitor

CVE-2023-3361


A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.


Published: 2023-10-04T12:15:10.567

Last Modified: 2024-11-21T08:17:05.957

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.7 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-319

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | opendatahub | open_data_hub_dashboard | < 1.28.1 | Yes |
| Application | redhat | openshift_data_science | - | Yes |