PT-2023-24404 · Red Hat · Red Hat Openshift Data Science

Anten Skrabec

Publicado

2023-07-11

Atualizado

2023-10-05

CVE-2023-3361

CVSS v3.1

7.7

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Data Science (affected versions not specified)

Description A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-20CWE-200

Identificadores relacionados

BDU:2023-04229

CVE-2023-3361

Produtos afetados

Red Hat Openshift Data Science

PT-2023-24404 · Red Hat · Red Hat Openshift Data Science

CVE-2023-3361

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11