CVE-2024-7557
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 12, 2024
Updated: Sep 18, 2024
CWE ID 284
Summary
CVE-2024-7557 is a newly discovered vulnerability in OpenShift AI that enables authentication bypass and privilege escalation. Despite the UI offering model protection through authentication, credentials from one model can grant access to other models and related APIs within the same namespace. Exposed ServiceAccount tokens, visible in the UI, can be exploited using oc --token={token}, resulting in unauthorized access to additional resources and elevated privileges.
Affected Products
- Red Hat OpenShift Data Science
- Red Hat OpenShift AI
Affected Vendors
- Red Hat