CVE-2023-3361
Summary
| CVE | CVE-2023-3361 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-04 12:15:00 UTC |
| Updated | 2023-11-07 04:18:00 UTC |
| Description | A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Opendatahub | Open Data Hub Dashboard | All | All | All | All |
| Application | Redhat | Openshift Data Science | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cve-details | MISC | access.redhat.com | |
| [Feature Request]: Switch to kubernets_secret option in place of user_credential option on elyrasecret · Issue #1415 · opendatahub-io/odh-dashboard · GitHub | MISC | github.com | |
| 2216588 – (CVE-2023-3361) CVE-2023-3361 odh-dashboard: s3 credentials included when exporting elyra notebook | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.