CVE-2024-56333

This vulnerability is critical.

Description

This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks.

Remediation

Patches by major version of the Onyxia Helm chart

Versions 7 and below are no longer supported. Upgrade to a newer version to resolve this issue.

Version 8 is built on Onyxia API v2.x. To update, use Onyxia chart v8.27.16 and explicitly set the API tag to v2.8.2 or later.

Version 9 is built on Onyxia API v3.x. To update, use Onyxia chart v9.2.1 and explicitly set the API tag to v3.1.1 or later.

Version 10 is built on Onyxia API v4.x. You can use Onyxia chart v10.4.0 or later.

Details

For versions 8 and 9, you need to modify `values.yaml`:

`values-v9.yaml`:

    api:
      image:
        tag: "v3.1.1"

`values-v8.yaml`:

    api:
      image:
        tag: "v2.8.2"
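
A check for the version matrix above, as an added example that is not part of the advisory or of the Onyxia project. The helper names `ver_ge` and `check_onyxia` are hypothetical, the chart version and API tag are supplied by the operator, and the comparison assumes a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example: classify an Onyxia install against this advisory's fixed versions.
# Inputs come from the operator, e.g. the chart version shown by `helm list`
# and the api.image.tag value in the release's values file.

# ver_ge A B: true when version A >= version B. Needs `sort -V`.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_onyxia CHART_VERSION [API_TAG]; a leading "v" is ignored.
# Prints: patched | vulnerable | unsupported | tag-not-set | tag-not-version | invalid
check_onyxia() {
    chart=${1#v}; tag=${2#v}
    major=${chart%%.*}
    case $major in
        ''|*[!0-9]*) echo "invalid"; return 2 ;;
    esac
    if [ "$major" -le 7 ]; then
        echo "unsupported"; return 1      # versions 7 and below get no patch
    fi
    case $major in
        8) min_chart=8.27.16; min_tag=2.8.2 ;;
        9) min_chart=9.2.1;   min_tag=3.1.1 ;;
        # Assumption: majors above 10 count as "v10.4.0 and after".
        *) min_chart=10.4.0;  min_tag='' ;;
    esac
    if ! ver_ge "$chart" "$min_chart"; then
        echo "vulnerable"; return 1
    fi
    if [ -n "$min_tag" ]; then
        # Charts 8 and 9 need the API tag set explicitly to a fixed release.
        case $tag in
            '')         echo "tag-not-set"; return 1 ;;
            *[!0-9.]*)  echo "tag-not-version"; return 1 ;;  # e.g. "latest"
        esac
        if ! ver_ge "$tag" "$min_tag"; then
            echo "vulnerable"; return 1
        fi
    fi
    echo "patched"
}
```

A floating tag such as `latest` is reported as `tag-not-version` because it cannot be compared against the fixed API release.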
