Openshift Data Science

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-12	CVE-2024-7557	Unspecified vulnerability in Redhat Openshift AI and Openshift Data Science A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. network low complexity redhat	8.8
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-04	CVE-2023-3361	Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in Red Hat OpenShift Data Science. network low complexity opendatahub redhat CWE-319	7.5
2023-09-15	CVE-2023-0923	Missing Authorization vulnerability in Redhat Openshift Data Science A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. network low complexity redhat CWE-862 critical	9.8