CVE-2023-0923

Published: Sep 15, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

Affected (1)

Products: Redhat: Openshift Data Science

Redhat

1 product

Openshift Data Science

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Openshift Data Science	From 1.22 to 1.22.1-3

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 8.0

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://access.redhat.com/errata/RHSA-2023:0977

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0923

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2171870

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2023:0977

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0923

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2171870

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.