CVE-2023-3361

Published Oct 4, 2023

Last updated a year ago

CVSS high 7.5

Overview

Description: A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-319
secalert@redhat.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:opendatahub:open_data_hub_dashboard:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6767C5AA-B34C-40E7-9885-C09AA446D8BF",
            "versionEndExcluding": "1.28.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References