CVE-2023-0923
HIGHRed Hat OpenShift Data Science 1.22-1.22.1-3 - Missing Authorization in Jupyter API
Title source: llmDescription
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:0977
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-0923
Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2171870
Scores
CVSS v3
8.8
EPSS
0.0014
EPSS Percentile
33.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
redhat/openshift_data_science
1.22 - 1.22.1-3
Published
Sep 15, 2023
Tracked Since
Feb 18, 2026