Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Onyxia private helm repository credentials are leaked through unauthenticated API
Vulnerability Description
Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username & password in the catalogs configuration) are affected. This is fixed in version 4.9.0.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
Onyxia 安全漏洞
Vulnerability Description
Onyxia是InseeFrLab开源的一款网络应用程序,旨在成为多种开源后端技术之间的粘合剂。 Onyxia 4.8.0及之前版本存在安全漏洞,该漏洞源于凭证泄露,可能导致敏感信息暴露。
CVSS Information
N/A
Vulnerability Type
N/A