Home > Vulnerability Database > CVE-2023-3361

Mend.io Vulnerability Database

CVE-2023-3361

Good to know:

Date: October 4, 2023

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (5)

Url: https://github.com/opendatahub-io/odh-dashboard/issues/1415

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3361

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2216588

Url: https://access.redhat.com/security/cve/CVE-2023-3361

Url: https://www.mend.io/vulnerability-database/CVE-2023-3361

Severity Score

7.5

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

Upgrade Version

Upgrade to version v2.12.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3361

Good to know:

Date: October 4, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?