Red Hat Openshift Data Science -

CPE Details

Red Hat Openshift Data Science -
redhat
openshift_data_science
-
2023-10-25
03h38 +00:00
2023-10-25
03h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

openshift_data_science

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-7557 2024-08-08 21h33 +00:00 A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
8.8
Haute
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
Haute
CVE-2023-3361 2023-10-04 11h34 +00:00 A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.
7.7
Haute