Browse all 4 CVE security advisories affecting kubeflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kubeflow serves as an open-source platform for deploying, managing, and scaling machine learning workflows on Kubernetes. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from misconfigurations or insecure default settings. While no major public security incidents have been widely reported, the platform's complexity increases its attack surface. With four CVEs currently documented, users must prioritize proper configuration, regular updates, and network segmentation to mitigate risks. Its integration with multiple components creates potential chaining vulnerabilities, making security-by-design principles essential for production deployments.
| CVE ID | Title | Affected component | CWE | CVSS (AI) | Severity (AI) | Published |
|---|---|---|---|---|---|---|
| CVE-2024-9526 | Stored XSS in Kubeflow Pipeline View | Kubeflow Pipeline View | CWE-79 | 5.4 | Medium | 2024-11-18 |
| CVE-2024-5552 | ReDoS in kubeflow/kubeflow | kubeflow/kubeflow | CWE-1333 | 7.5 | High | 2024-06-06 |
| CVE-2023-6571 | Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow | kubeflow/kubeflow | CWE-79 | 6.1 | Medium | 2023-12-14 |
| CVE-2023-6570 | Server-Side Request Forgery (SSRF) in kubeflow/kubeflow | kubeflow/kubeflow | CWE-918 | 9.1 | Critical | 2023-12-14 |
This page lists every published CVE security advisory associated with kubeflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.