Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint. Only instances using private helm repositories (i.e setting username & password in the catalogs configuration) are affected. This is fixed in version 4.9.0.
Remediation
Patches for Major Version of the helm chart of Onyxia
You can use Onyxia chart v10.28.0 and after to have at least an api version 4.9.0 at least
