cvelistv5 - CVE-2023-0923

CVE-2023-0923 (GCVE-0-2023-0923)

Vulnerability from cvelistv5 – Published: 2023-09-15 20:16 – Updated: 2024-08-02 05:24

Summary

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-862 - Missing Authorization

Assigner

redhat

References

URL

	Vendor	Product	Version
	Red Hat	RHODS-1.22-RHEL-8	Unaffected: v1.22.1-3 , < * (rpm) cpe:/a:redhat:openshift_data_science:1.22::el8

RHSA-2023_0977

Vulnerability from csaf_redhat - Published: 2023-02-28 08:31 - Updated: 2024-11-22 22:08

Summary

Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update

Notes

Topic

An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Data Science 1.22.1 (kubeflow, dashboard, deployer) security update Security Fix(es): * odh-notebook-controller-container: Missing authorization allows for file contents disclosure (CVE-2023-0923) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Data Science 1.22.1 (kubeflow, dashboard, deployer) security update\n\nSecurity Fix(es):\n\n* odh-notebook-controller-container: Missing authorization allows for file contents disclosure (CVE-2023-0923)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0977",
        "url": "https://access.redhat.com/errata/RHSA-2023:0977"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2171870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
      },
      {
        "category": "external",
        "summary": "RHODS-6123",
        "url": "https://issues.redhat.com/browse/RHODS-6123"
      },
      {
        "category": "external",
        "summary": "RHODS-6136",
        "url": "https://issues.redhat.com/browse/RHODS-6136"
      },
      {
        "category": "external",
        "summary": "RHODS-6330",
        "url": "https://issues.redhat.com/browse/RHODS-6330"
      },
      {
        "category": "external",
        "summary": "RHODS-6779",
        "url": "https://issues.redhat.com/browse/RHODS-6779"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0977.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update",
    "tracking": {
      "current_release_date": "2024-11-22T22:08:56+00:00",
      "generator": {
        "date": "2024-11-22T22:08:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:0977",
      "initial_release_date": "2023-02-28T08:31:43+00:00",
      "revision_history": [
        {
          "date": "2023-02-28T08:31:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-02-28T08:31:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T22:08:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHODS-1.22-RHEL-8",
                "product": {
                  "name": "RHODS-1.22-RHEL-8",
                  "product_id": "8Base-RHODS-1.22",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_data_science:1.22::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Data Science"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                "product": {
                  "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                  "product_id": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-dashboard-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                "product": {
                  "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                  "product_id": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-deployer-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                "product": {
                  "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                  "product_id": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-kf-notebook-controller-rhel8\u0026tag=v1.22.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                  "product_id": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-api-server-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                  "product_id": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-artifact-manager-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                  "product_id": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-cache-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                  "product_id": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-persistenceagent-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                  "product_id": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-scheduledworkflow-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                  "product_id": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-viewercontroller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                "product": {
                  "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                  "product_id": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-mm-rest-proxy-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                "product": {
                  "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                  "product_id": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-model-controller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                  "product_id": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                  "product_id": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-runtime-adapter-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                  "product_id": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-serving-controller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                "product": {
                  "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                  "product_id": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-notebook-controller-rhel8\u0026tag=v1.22.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                "product": {
                  "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                  "product_id": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-openvino-servingruntime-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                "product": {
                  "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                  "product_id": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-base-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                "product": {
                  "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                  "product_id": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-bundle\u0026tag=v1.22.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                "product": {
                  "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_id": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-rhel8-operator\u0026tag=v1.22.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                "product": {
                  "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_id": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-rhel8\u0026tag=v1.22.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64"
        },
        "product_reference": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64"
        },
        "product_reference": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64"
        },
        "product_reference": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64"
        },
        "product_reference": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64"
        },
        "product_reference": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
        },
        "product_reference": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64"
        },
        "product_reference": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64"
        },
        "product_reference": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64"
        },
        "product_reference": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        },
        "product_reference": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        },
        "product_reference": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-0923",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
            "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
            "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
            "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
            "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
            "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
            "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171870"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "odh-notebook-controller-container: Missing authorization allows for file contents disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
          "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
          "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
          "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
          "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
          "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
          "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171870",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923"
        }
      ],
      "release_date": "2023-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T08:31:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0977"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "odh-notebook-controller-container: Missing authorization allows for file contents disclosure"
    }
  ]
}

RHSA-2023:0977

Vulnerability from csaf_redhat - Published: 2023-02-28 08:31 - Updated: 2025-11-21 18:38

Summary

Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Data Science 1.22.1 (kubeflow, dashboard, deployer) security update\n\nSecurity Fix(es):\n\n* odh-notebook-controller-container: Missing authorization allows for file contents disclosure (CVE-2023-0923)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0977",
        "url": "https://access.redhat.com/errata/RHSA-2023:0977"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2171870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
      },
      {
        "category": "external",
        "summary": "RHODS-6123",
        "url": "https://issues.redhat.com/browse/RHODS-6123"
      },
      {
        "category": "external",
        "summary": "RHODS-6136",
        "url": "https://issues.redhat.com/browse/RHODS-6136"
      },
      {
        "category": "external",
        "summary": "RHODS-6330",
        "url": "https://issues.redhat.com/browse/RHODS-6330"
      },
      {
        "category": "external",
        "summary": "RHODS-6779",
        "url": "https://issues.redhat.com/browse/RHODS-6779"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0977.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:38:10+00:00",
      "generator": {
        "date": "2025-11-21T18:38:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2023:0977",
      "initial_release_date": "2023-02-28T08:31:43+00:00",
      "revision_history": [
        {
          "date": "2023-02-28T08:31:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-02-28T08:31:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:38:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHODS-1.22-RHEL-8",
                "product": {
                  "name": "RHODS-1.22-RHEL-8",
                  "product_id": "8Base-RHODS-1.22",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_data_science:1.22::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Data Science"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                "product": {
                  "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                  "product_id": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-dashboard-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                "product": {
                  "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                  "product_id": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-deployer-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                "product": {
                  "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                  "product_id": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-kf-notebook-controller-rhel8\u0026tag=v1.22.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                  "product_id": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-api-server-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                  "product_id": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-artifact-manager-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                  "product_id": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-cache-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                  "product_id": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-persistenceagent-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                  "product_id": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-scheduledworkflow-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                  "product_id": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-viewercontroller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                "product": {
                  "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                  "product_id": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-mm-rest-proxy-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                "product": {
                  "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                  "product_id": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-model-controller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                  "product_id": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                  "product_id": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-runtime-adapter-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                  "product_id": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-serving-controller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                "product": {
                  "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                  "product_id": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-notebook-controller-rhel8\u0026tag=v1.22.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                "product": {
                  "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                  "product_id": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-openvino-servingruntime-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                "product": {
                  "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                  "product_id": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-base-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                "product": {
                  "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                  "product_id": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-bundle\u0026tag=v1.22.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                "product": {
                  "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_id": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-rhel8-operator\u0026tag=v1.22.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                "product": {
                  "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_id": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-rhel8\u0026tag=v1.22.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64"
        },
        "product_reference": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64"
        },
        "product_reference": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64"
        },
        "product_reference": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64"
        },
        "product_reference": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64"
        },
        "product_reference": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
        },
        "product_reference": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64"
        },
        "product_reference": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64"
        },
        "product_reference": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64"
        },
        "product_reference": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        },
        "product_reference": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        },
        "product_reference": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-0923",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
            "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
            "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
            "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
            "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
            "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
            "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171870"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "odh-notebook-controller-container: Missing authorization allows for file contents disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
          "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
          "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
          "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
          "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
          "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
          "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171870",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923"
        }
      ],
      "release_date": "2023-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T08:31:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0977"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
            "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
            "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
            "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
            "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
            "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
            "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
            "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "odh-notebook-controller-container: Missing authorization allows for file contents disclosure"
    }
  ]
}

FKIE_CVE-2023-0923

Vulnerability from fkie_nvd - Published: 2023-09-15 21:15 - Updated: 2024-11-21 07:38

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:0977	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-0923	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2171870	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:0977	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-0923	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2171870	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	openshift_data_science	*
	redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_data_science:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85641122-B8E2-4665-ABA5-2D812E52F36A",
              "versionEndExcluding": "1.22.1-3",
              "versionStartIncluding": "1.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en el servicio Kubernetes para port\u00e1tiles en RHODS, donde no impide que los pods de otros espacios de nombres y aplicaciones realicen solicitudes a la API de Jupyter. Esta falla puede provocar la exposici\u00f3n del contenido del archivo y otros problemas."
    }
  ],
  "id": "CVE-2023-0923",
  "lastModified": "2024-11-21T07:38:06.380",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-15T21:15:09.153",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:0977"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:0977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-0923

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-0923

Aliases

CVE-2023-0923

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-0923",
    "id": "GSD-2023-0923",
    "references": [
      "https://access.redhat.com/errata/RHSA-2023:0977"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-0923"
      ],
      "details": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.",
      "id": "GSD-2023-0923",
      "modified": "2023-12-13T01:20:22.430320Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-0923",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "odh-notebook-controller-container",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RHODS-1.22-RHEL-8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "v1.22.1-3",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-862",
                "lang": "eng",
                "value": "Missing Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:0977",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:0977"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-0923",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_data_science:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.22.1-3",
                    "versionStartIncluding": "1.22",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2023-0923"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/errata/RHSA-2023:0977",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:0977"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2023-0923",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-09-20T20:40Z",
      "publishedDate": "2023-09-15T21:15Z"
    }
  }
}

GHSA-FFVF-VJ8C-4HF8

Vulnerability from github – Published: 2023-09-15 21:30 – Updated: 2024-04-04 07:42

Details

Severity ?

8.0 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-15T21:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.",
  "id": "GHSA-ffvf-vj8c-4hf8",
  "modified": "2024-04-04T07:42:37Z",
  "published": "2023-09-15T21:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0977"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-0923 (GCVE-0-2023-0923)

RHSA-2023_0977

RHSA-2023:0977

FKIE_CVE-2023-0923

GSD-2023-0923

GHSA-FFVF-VJ8C-4HF8

Tags

Sightings

Nomenclature