CVE-2023-0923 - Missing Authorization vulnerability in Red Hat OpenShift Data Science
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:0977
- https://access.redhat.com/security/cve/CVE-2023-0923
- https://bugzilla.redhat.com/show_bug.cgi?id=2171870