CVE-2023-0923

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
redhatopenshift_data_science
1.22 ≤
𝑥
< 1.22.1-3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:0977
https://access.redhat.com/security/cve/CVE-2023-0923
https://bugzilla.redhat.com/show_bug.cgi?id=2171870
https://access.redhat.com/errata/RHSA-2023:0977
https://access.redhat.com/security/cve/CVE-2023-0923
https://bugzilla.redhat.com/show_bug.cgi?id=2171870