CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score: 7.6 High (Confidence: High)
EPSS: 0.0005 Low (Percentile: 18.3%)

A Server-Side Request Forgery (SSRF) flaw was found in Kubeflow. Any user can use Kubeflow as a proxy to reach internal or external resources, with the response returned to that user, by supplying a URL in the namespace parameter of /pipeline/artifacts/get. An attacker could use this to hijack a user account by stealing the authentication cookie sent with the request, or to access internal resources reachable from the Kubeflow server.
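
A defender-side check for the behaviour described above, as an added example that is not Kubeflow's code or its fix: it treats any namespace value on /pipeline/artifacts/get that is not a valid Kubernetes namespace name (an RFC 1123 label) as suspect, for request validation and for scanning access logs. The log format, sample lines and function names are assumptions constructed for illustration.

```javascript
// Added example, not Kubeflow code. Function names and log format are assumptions.
// Kubernetes namespace names are RFC 1123 labels: [a-z0-9-], 1 to 63 chars,
// starting and ending with an alphanumeric. A URL can never satisfy this.
const NAMESPACE_RE = /^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$/;

// True only for a syntactically valid namespace name.
function isValidNamespace(value) {
  return typeof value === 'string' && NAMESPACE_RE.test(value);
}

// Returns every (percent-decoded) namespace value carried by a request target,
// or [] when the target is not the artifacts endpoint or cannot be parsed.
function namespacesOf(target) {
  let url;
  try {
    url = new URL(target, 'http://placeholder.invalid');
  } catch {
    return [];
  }
  if (url.pathname !== '/pipeline/artifacts/get') return [];
  return url.searchParams.getAll('namespace');
}

// Scans access-log lines and returns those whose namespace value is not a label.
function flagRequests(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /"(?:GET|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const bad = namespacesOf(m[1]).filter((v) => !isValidNamespace(v));
    if (bad.length > 0) hits.push({ line, namespace: bad[0] });
  }
  return hits;
}

// Constructed sample log lines (not taken from a real system).
const SAMPLE_LOG = [
  '10.0.0.5 - alice [01/Jan/2024:10:00:00 +0000] "GET /pipeline/artifacts/get?namespace=team-a HTTP/1.1" 200 512',
  '10.0.0.9 - bob [01/Jan/2024:10:00:05 +0000] "GET /pipeline/artifacts/get?namespace=http%3A%2F%2Finternal.example%2F HTTP/1.1" 200 2048',
  '10.0.0.9 - bob [01/Jan/2024:10:00:09 +0000] "GET /pipeline/other?namespace=http%3A%2F%2Finternal.example%2F HTTP/1.1" 404 0',
];

for (const hit of flagRequests(SAMPLE_LOG)) {
  console.log(`suspect namespace value: ${hit.namespace}`);
}
```

The same `isValidNamespace` check can sit in front of the endpoint to reject such requests before any upstream call is made.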