Home > Vulnerability Database > CVE-2023-3361

Mend.io Vulnerability Database

CVE-2023-3361

Date: October 4, 2023

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

Language: TYPE_SCRIPT

Severity Score

7.7

Related Resources (5)

Url: https://github.com/opendatahub-io/odh-dashboard/issues/1415

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3361

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2216588

Url: https://access.redhat.com/security/cve/CVE-2023-3361

Url: https://www.mend.io/vulnerability-database/CVE-2023-3361

Severity Score

7.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Cleartext Transmission of Sensitive Information

CWE-319

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3361

Date: October 4, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?