csaf_redhat - rhsa-2023

rhsa-2023_0977

Vulnerability from csaf_redhat

Published

2023-02-28 08:31

Modified

2024-11-22 22:08

Summary

Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update

Notes

Topic

An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Data Science 1.22.1 (kubeflow, dashboard, deployer) security update Security Fix(es): * odh-notebook-controller-container: Missing authorization allows for file contents disclosure (CVE-2023-0923) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kubeflow, dashboard, deployer is now available for Red Hat OpenShift Data Science 1.22.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Data Science 1.22.1 (kubeflow, dashboard, deployer) security update\n\nSecurity Fix(es):\n\n* odh-notebook-controller-container: Missing authorization allows for file contents disclosure (CVE-2023-0923)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:0977",
        "url": "https://access.redhat.com/errata/RHSA-2023:0977"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2171870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
      },
      {
        "category": "external",
        "summary": "RHODS-6123",
        "url": "https://issues.redhat.com/browse/RHODS-6123"
      },
      {
        "category": "external",
        "summary": "RHODS-6136",
        "url": "https://issues.redhat.com/browse/RHODS-6136"
      },
      {
        "category": "external",
        "summary": "RHODS-6330",
        "url": "https://issues.redhat.com/browse/RHODS-6330"
      },
      {
        "category": "external",
        "summary": "RHODS-6779",
        "url": "https://issues.redhat.com/browse/RHODS-6779"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0977.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Data Science 1.22.1 security update",
    "tracking": {
      "current_release_date": "2024-11-22T22:08:56+00:00",
      "generator": {
        "date": "2024-11-22T22:08:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:0977",
      "initial_release_date": "2023-02-28T08:31:43+00:00",
      "revision_history": [
        {
          "date": "2023-02-28T08:31:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-02-28T08:31:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T22:08:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHODS-1.22-RHEL-8",
                "product": {
                  "name": "RHODS-1.22-RHEL-8",
                  "product_id": "8Base-RHODS-1.22",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_data_science:1.22::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Data Science"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                "product": {
                  "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                  "product_id": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-dashboard-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                "product": {
                  "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                  "product_id": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-deployer-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                "product": {
                  "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                  "product_id": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-kf-notebook-controller-rhel8\u0026tag=v1.22.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                  "product_id": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-api-server-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                  "product_id": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-artifact-manager-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                  "product_id": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-cache-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                  "product_id": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-persistenceagent-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                  "product_id": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-scheduledworkflow-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                  "product_id": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-viewercontroller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                "product": {
                  "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                  "product_id": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-mm-rest-proxy-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                "product": {
                  "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                  "product_id": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-model-controller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                  "product_id": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                  "product_id": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-runtime-adapter-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                  "product_id": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-serving-controller-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                "product": {
                  "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                  "product_id": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-notebook-controller-rhel8\u0026tag=v1.22.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                "product": {
                  "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                  "product_id": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-openvino-servingruntime-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                "product": {
                  "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                  "product_id": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-base-rhel8\u0026tag=v1.22.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                "product": {
                  "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                  "product_id": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-bundle\u0026tag=v1.22.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                "product": {
                  "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_id": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-rhel8-operator\u0026tag=v1.22.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                "product": {
                  "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_id": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-rhel8\u0026tag=v1.22.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64"
        },
        "product_reference": "rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64"
        },
        "product_reference": "rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64"
        },
        "product_reference": "rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64"
        },
        "product_reference": "rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64"
        },
        "product_reference": "rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
        },
        "product_reference": "rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64"
        },
        "product_reference": "rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64"
        },
        "product_reference": "rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64"
        },
        "product_reference": "rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        },
        "product_reference": "rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64 as a component of RHODS-1.22-RHEL-8",
          "product_id": "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        },
        "product_reference": "rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
        "relates_to_product_reference": "8Base-RHODS-1.22"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-0923",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
            "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
            "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
            "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
            "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
            "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
            "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
            "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
            "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
            "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2171870"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "odh-notebook-controller-container: Missing authorization allows for file contents disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODS-1.22:rhods/odh-dashboard-rhel8@sha256:4bef816aa1278039efc725c890ebbf1cbe2621e5c041cc2e93931206eca7b3b5_amd64",
          "8Base-RHODS-1.22:rhods/odh-deployer-rhel8@sha256:0adad5f04668bd4f17df45f70de6e5951e1101d7910a9191469e844800ce3cdd_amd64",
          "8Base-RHODS-1.22:rhods/odh-kf-notebook-controller-rhel8@sha256:f9094d6f5e99cc0a0f1bab23148797acc398b9a2a66b565009a10ae7b21cbdea_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-api-server-rhel8@sha256:02e0693e13aee738c1ae0d3970330f8621516d60dc9b289be62583d3f991736c_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:13081f4ad404cd42ad93325165f5b3507d6b42da7f71ec48e13148ea853b88f1_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-cache-rhel8@sha256:1cdc72b86da535c836cd20ea1c0408dbb8e007b83523306cc285fbfd0e437ee0_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:fce177e2f18b9b74084166b9bd088713f0c26566969d42dcb6262eff27884b8b_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:d9a5162b50d0f343136151cd57a234b15041bd0fbd0832829babc97541819625_amd64",
          "8Base-RHODS-1.22:rhods/odh-ml-pipelines-viewercontroller-rhel8@sha256:d1e101b29ee29a739c3b35716346010f0277e3e167e45ee3f325d97a20dba85a_amd64",
          "8Base-RHODS-1.22:rhods/odh-mm-rest-proxy-rhel8@sha256:a0cf21ad4c7834b3784a514496ec905d1a5d3c1e7ede650ef24ff73fbec953af_amd64",
          "8Base-RHODS-1.22:rhods/odh-model-controller-rhel8@sha256:3401c44291f2256d50ea9fc3b2bccdcbb7bab0c838fd2c4cc9c2781869cd9900_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-rhel8@sha256:8b77b645e8a9119a83732e43be3aedfdfb5fdf691a50fc594e9efd7233406dd2_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:853ced3339b18a0594a8ed0d3ae58e6af2047a4ff0ca383a1412df3e52bd45db_amd64",
          "8Base-RHODS-1.22:rhods/odh-modelmesh-serving-controller-rhel8@sha256:4794ee0f6f454f6f0231f4fc52b52b336a841555011888ae6610a0052010ad01_amd64",
          "8Base-RHODS-1.22:rhods/odh-openvino-servingruntime-rhel8@sha256:e9a1a197ef46a2f3a88d92b4ec26ccbdb0c4b2673269a679b0b49190f3ff47ef_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-base-rhel8@sha256:1d327a26882442e6889e6fda37231b9407fdc06bfb7c9edc2b3e9a4068d32f45_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-bundle@sha256:af98395b01e9f5228dae2121a0a4b24a3336298f7687a47bad13ecd84a081b9f_amd64",
          "8Base-RHODS-1.22:rhods/odh-operator-rhel8@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64",
          "8Base-RHODS-1.22:rhods/odh-rhel8-operator@sha256:3f44aadb434f46774514af34293bc0ac02b79c90baacdb0c0591fd6b56291eb7_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
        },
        {
          "category": "external",
          "summary": "RHBZ#2171870",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0923"
        }
      ],
      "release_date": "2023-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-02-28T08:31:43+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:0977"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODS-1.22:rhods/odh-notebook-controller-rhel8@sha256:a7bcc98f4f37785251fee8a7779364e6bcc6bc0f70eae94af8dd6e6bada04661_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "odh-notebook-controller-container: Missing authorization allows for file contents disclosure"
    }
  ]
}

cve-2023-0923

Vulnerability from cvelistv5

Published

2023-09-15 20:16

Modified

2024-08-02 05:24

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2023:0977	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-0923	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2171870	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Red Hat

RHODS-1.22-RHEL-8

Unaffected: v1.22.1-3 < *
cpe:/a:redhat:openshift_data_science:1.22::el8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T18:22:46.958500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:29.238Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:0977",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:0977"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
          },
          {
            "name": "RHBZ#2171870",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_science:1.22::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhods/odh-notebook-controller-rhel8",
          "product": "RHODS-1.22-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v1.22.1-3",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-02-28T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T15:32:32.226Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:0977",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:0977"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-0923"
        },
        {
          "name": "RHBZ#2171870",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-20T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-02-28T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Odh-notebook-controller-container: missing authorization allows for file contents disclosure",
      "x_redhatCweChain": "CWE-862: Missing Authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-0923",
    "datePublished": "2023-09-15T20:16:04.935Z",
    "dateReserved": "2023-02-20T16:54:05.559Z",
    "dateUpdated": "2024-08-02T05:24:34.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted