Bug 2216588 (CVE-2023-3361) - CVE-2023-3361 odh-dashboard: s3 credentials included when exporting elyra notebook
Summary: CVE-2023-3361 odh-dashboard: s3 credentials included when exporting elyra not...
Keywords:
Status: NEW
Alias: CVE-2023-3361
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2216589
Reported: 2023-06-21 23:52 UTC by Anten Skrabec
Modified: 2023-10-16 20:58 UTC

Fixed In Version: odh-dashboard 1.28.1
Doc Type: ---
Doc Text:
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.
Clone Of:
Environment:
Last Closed:
Embargoed:

Description Anten Skrabec 2023-06-21 23:52:01 UTC
Exporting a pipeline from RHODS Elyra notebook pipeline editor as Python DSL or YAML reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output.
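
A check for the condition described above, as an added example that is not part of the bug report or of the odh-dashboard or Elyra code: it scans exported pipeline YAML for S3 credential environment variables that hold a literal value instead of a Kubernetes secret reference. The variable names and the sample export are constructed assumptions, since the page does not show the exported format.

```python
import re

# Assumption (not stated on the page): the export carries the S3 credentials
# as container environment variables with these names.
CRED_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")

NAME_RE = re.compile(r"^\s*-?\s*name:\s*['\"]?(\w+)['\"]?\s*$")
LITERAL_RE = re.compile(r"^\s*value:\s*(\S.*)$")
SECRET_REF_RE = re.compile(r"^\s*valueFrom:")

# Constructed sample export: one literal credential, one secret reference.
SAMPLE_EXPORT = """\
spec:
  templates:
  - name: train-model
    container:
      image: example.invalid/runtime:latest
      env:
      - name: AWS_ACCESS_KEY_ID
        value: CONSTRUCTED-KEY-ID
      - name: AWS_SECRET_ACCESS_KEY
        valueFrom:
          secretKeyRef:
            name: constructed-s3-secret
            key: AWS_SECRET_ACCESS_KEY
      - name: PIPELINE_NAME
        value: demo
"""


def find_plaintext_credentials(yaml_text):
    """Return (line_number, variable) for each credential env entry that
    holds a literal `value:` rather than a `valueFrom:` secret reference."""
    findings = []
    lines = yaml_text.splitlines()
    for i, line in enumerate(lines):
        m = NAME_RE.match(line)
        if not m or m.group(1) not in CRED_VARS:
            continue
        key_indent = line.index("name:")
        for j in range(i + 1, len(lines)):
            nxt = lines[j]
            if not nxt.strip():
                continue
            indent = len(nxt) - len(nxt.lstrip())
            # A shallower line or a secret reference ends this env entry.
            if indent < key_indent or SECRET_REF_RE.match(nxt):
                break
            lit = LITERAL_RE.match(nxt)
            if lit and lit.group(1).strip("'\""):
                findings.append((j + 1, m.group(1)))
                break
    return findings
```

Run over an export before it is committed or shared; any finding means the credential should be rotated and replaced with a secret reference.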