CVE-2024-7557

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Sep 18, 2024
CWE ID 284

Summary

CVE-2024-7557 is a newly discovered vulnerability in OpenShift AI that enables authentication bypass and privilege escalation. Despite the UI offering model protection through authentication, credentials from one model can grant access to other models and related APIs within the same namespace. Exposed ServiceAccount tokens, visible in the UI, can be exploited using oc --token={token}, resulting in unauthorized access to additional resources and elevated privileges.

Affected Products

  • Red Hat OpenShift Data Science
  • Red Hat OpenShift AI

Affected Vendors

  • Red Hat