Improper access control in Red Hat OpenShift Data Science - CVE-2023-0923

Published: May 11, 2023


Vulnerability identifier: #VU76020
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-0923
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Red Hat OpenShift Data Science
Software vendor: Red Hat Inc.

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an error in the Kubernetes service for notebooks in RHODS: the service does not prevent pods from other namespaces and applications from making requests to the Jupyter API. A remote attacker can use this to read arbitrary files on the system.


Remediation

Install updates from vendor's website.
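Separately from the vendor update, the cross-namespace exposure described above is the kind of gap a cluster administrator can narrow with a Kubernetes NetworkPolicy. The policy below is an added illustration, not Red Hat's fix and not taken from the advisory; the namespace, the pod label, the port, and the ingress-namespace label are assumptions that must be matched to the actual cluster.

```yaml
# Added example (not the vendor's remediation): restrict ingress to notebook
# pods so that only pods in the same namespace, plus the cluster ingress
# controller, can reach the Jupyter API. All labels and values are assumed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-notebook-ingress
  namespace: rhods-notebooks            # assumed namespace of the notebook pods
spec:
  podSelector:
    matchLabels:
      app: jupyter-notebook             # assumed label on the notebook pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        # An empty podSelector matches every pod in this namespace only;
        # pods in other namespaces are denied by this rule.
        - podSelector: {}
        # Keep browser access through the OpenShift router working. The label
        # must match the one the cluster puts on its ingress namespace.
        - namespaceSelector:
            matchLabels:
              network.openshift.io/policy-group: ingress
      ports:
        - protocol: TCP
          port: 8888                    # assumed Jupyter listening port
```

A NetworkPolicy is only enforced by a network plugin that supports it, and it does not replace the vendor update; after applying it, confirm from a pod in a different namespace that requests to the notebook service are refused.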

External links