Inseefrlab Onyxia vulnerabilities
2 known vulnerabilities affecting inseefrlab/onyxia.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2025-58366 | P2 | CRITICAL | CVSS 9.4 | CWE-522 | versions >= 4.6.0, < 4.9.0 | 2025-09-05
Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public (unauthenticated) /public/catalogs endpoint. Only instances using private Helm repositories (i.e. setting username & password in the catalogs configuration) are affected. This is fixed in
nvd
CVE-2024-56333 | P3 | CRITICAL | CVSS 9.4 | CWE-94 | fixed in 2.8.2 | versions >= 3.0.0, < 3.1.1 (+1 more) | 2024-12-20
Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user enviro
nvd