CVE-2023-3361

Name: CVE-2023-3361
Creator: NVD / NIST
Published: 2023-10-04T12:15:10.567+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.47%

Last modified Jun 17, 2026

CVE-2023-3361 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.47%

37.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Opendatahub	Open Data Hub Dashboard	< 1.28.1
Redhat	Openshift Data Science	All versions

References

https://access.redhat.com/security/cve/CVE-2023-3361Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2216588Issue Tracking, Third Party Advisory
https://github.com/opendatahub-io/odh-dashboard/issues/1415Issue Tracking
https://access.redhat.com/security/cve/CVE-2023-3361Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2216588Issue Tracking, Third Party Advisory
https://github.com/opendatahub-io/odh-dashboard/issues/1415Issue Tracking

Timeline

Published: Oct 4, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-3361?

How severe is CVE-2023-3361?

CVE-2023-3361 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.

How do I fix CVE-2023-3361?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-3361?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST