Detections
Analytics

CVE-2023-0923

critical

Description

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2171870

https://access.redhat.com/security/cve/CVE-2023-0923

https://access.redhat.com/errata/RHSA-2023:0977

Details

Source: Mitre, NVD

Published: 2023-09-15

Updated: 2024-05-03

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical