{"api_version":"1","generated_at":"2026-04-22T21:27:17+00:00","cve":"CVE-2023-3361","urls":{"html":"https://cve.report/CVE-2023-3361","api":"https://cve.report/api/cve/CVE-2023-3361.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3361","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3361"},"summary":{"title":"CVE-2023-3361","description":"A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-10-04 12:15:00","updated_at":"2023-11-07 04:18:00"},"problem_types":["CWE-319"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-3361","name":"https://access.redhat.com/security/cve/CVE-2023-3361","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/opendatahub-io/odh-dashboard/issues/1415","name":"https://github.com/opendatahub-io/odh-dashboard/issues/1415","refsource":"MISC","tags":[],"title":"[Feature Request]:  Switch to kubernets_secret option in place of user_credential option on elyrasecret · Issue #1415 · opendatahub-io/odh-dashboard · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216588","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2216588","refsource":"MISC","tags":[],"title":"2216588 – (CVE-2023-3361) CVE-2023-3361 odh-dashboard: s3 credentials included when exporting elyra notebook","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3361","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3361","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3361","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opendatahub","cpe5":"open_data_hub_dashboard","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3361","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_data_science","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3361","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"odh-dashboard","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"1.28.1","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat OpenShift Data Science (RHODS)","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-3361","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-3361"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216588","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2216588"},{"url":"https://github.com/opendatahub-io/odh-dashboard/issues/1415","refsource":"MISC","name":"https://github.com/opendatahub-io/odh-dashboard/issues/1415"}]},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-04 12:15:00","lastModifiedDate":"2023-11-07 04:18:00","problem_types":["CWE-319"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:opendatahub:open_data_hub_dashboard:*:*:*:*:*:*:*:*","versionEndExcluding":"1.28.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}