Red Hat Openshift Data Science
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Openshift Data Science.
Recent Red Hat Openshift Data Science Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2023:0977 | (RHSA-2023:0977) Important: Red Hat OpenShift Data Science 1.22.1 security update | February 28, 2023 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Openshift Data Science. Openshift Data Science did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 8.80 |
| 2023 | 2 | 7.50 |
It may take a day or so for new Openshift Data Science vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openshift Data Science Security Vulnerabilities
OpenShift AI Auth Bypass & Priv Esc Vulnerability
CVE-2024-7557
8.8 - High
- August 12, 2024
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
Authorization
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
Red Hat OpenShift Data Science: Plain-Text S3 Cred Leak via Elyra Export
CVE-2023-3361
7.5 - High
- October 04, 2023
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.
Cleartext Transmission of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Openshift Data Science or by Red Hat? Click the Watch button to subscribe.
