4 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2023-0923
CVE-2023-0923 affects Red Hat OpenShift Data Science (RHODS) with the odh-notebook-controller-container vulnerability: insufficient authorization allows requests from other namespaces to reach the Jupyter API, exposing file contents and related data. Connected sources corroborate impact and root ...
CVE-2024-7557
OpenShift AI CVE-2024-7557 describes an authentication bypass and privilege escalation across models within the same namespace. Affected: OpenShift AI versions prior to 2.9. Root cause: the UI-protected models expose credentials/tokens (ServiceAccount tokens) in the UI, which can be used with oc ...
CVE-2023-3361
CVE-2023-3361 affects Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plaintext in the generated output instead of an ID for a Kubernetes secret. The doc...