Vulnerabilities > CVE-2023-0923 - Missing Authorization vulnerability in Redhat Openshift Data Science

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redhat

CWE-862

critical

NVD

Published: 2023-09-15

Updated: 2024-05-03

Summary

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Openshift Data Science *	1
OS	Redhat Redhat Enterprise Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://access.redhat.com/errata/RHSA-2023:0977
https://bugzilla.redhat.com/show_bug.cgi?id=2171870
https://access.redhat.com/security/cve/CVE-2023-0923