Impact
This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks.
Patches for Major Versions of the Helm Chart of Onyxia
| Onyxia Version | API Version | Helm Chart Version | API Tag |
| --- | --- | --- | --- |
| 7 and below | Unsupported | No longer supported | - |
| 8 | v2.x | v8.27.16 | v2.8.2 or later |
| 9 | v3.x | v9.2.1 | v3.1.1 or later |
| 10 | v4.x | v10.4.0 and after | - |
Workarounds
There is no known workaround for this vulnerability.
The only remediation is to upgrade to one of the API versions listed above.
References
https://docs.onyxia.sh/vulnerability-disclosure/known-vulnerabilities/vulnerability-20241219