redhat openshift_data_science CVE 漏洞(4)

CVE 数: 4 CPE versions: View versions table

摘要

本页列出影响 redhat openshift_data_science 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。

显示 144 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-7557 A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the S [email protected] 8.8 0.93% 2024-08-12 2026-06-17
CVE-2023-44487 KEV The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. [email protected] 7.5 100.00% 2023-10-10 2026-06-17
CVE-2023-3361 A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. [email protected] 7.7 0.47% 2023-10-04 2026-06-17
CVE-2023-0923 A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. [email protected] 8.8 0.94% 2023-09-15 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence