cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7557,https://securityvulnerability.io/vulnerability/CVE-2024-7557,Authentication Bypass and Privilege Escalation Vulnerability in OpenShift AI,"In OpenShift AI, a vulnerability exists that permits authentication bypass and privilege escalation across models within the same namespace. This concern arises during AI model deployment, where the user interface allows the configuration of authentication for models. Unfortunately, tokens from one model are inadvertently usable for accessing other models and APIs within the same namespace. The vulnerability is exacerbated by the exposure of ServiceAccount tokens in the UI, enabling malicious users to exploit these tokens through commands like 'oc --token={token}', thereby gaining unauthorized access to resources and elevating privileges significantly.",Red Hat,"Red Hat Openshift Ai (rhoai),Red Hat Openshift Data Science (rhods)",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2023-3361,https://securityvulnerability.io/vulnerability/CVE-2023-3361,S3 credentials included when exporting elyra notebook,"A vulnerability exists in Red Hat OpenShift Data Science that compromises the security of S3 credentials during the export of pipelines from the Elyra notebook pipeline editor. When exporting as Python DSL or YAML, the system erroneously saves sensitive S3 credentials in plain text within the generated output. This occurs instead of using an identifier for a stored Kubernetes secret, leading to potential unauthorized access to sensitive data.",Red Hat,"Odh-dashboard,Red Hat Openshift Data Science (rhods)",7.7,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2023-10-04T12:15:00.000Z,0