Vulnerability Description
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Data Science | >= 1.22, < 1.22.1-3 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:0977Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2023-0923Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2171870Issue TrackingVendor Advisory
- https://access.redhat.com/errata/RHSA-2023:0977Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2023-0923Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2171870Issue TrackingVendor Advisory
FAQ
What is CVE-2023-0923?
CVE-2023-0923 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to ...
How severe is CVE-2023-0923?
CVE-2023-0923 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0923?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Data Science, Redhat Enterprise Linux.