CVE-2024-7557

Severity: HIGH (CVSS 3.1 base score 8.8)
Published: 2024-08-12
Reporter: [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 19, 2026 - 17:30 (vuln.today)
CVE Published: Aug 12, 2024 - 13:38 (nvd), rated HIGH 8.8

Description

A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.

Analysis

A high-severity authentication bypass vulnerability in Red Hat OpenShift AI (formerly OpenShift Data Science) allows an attacker who holds the credentials of any single authenticated model to escalate privileges and access other AI models within the same namespace. The root cause is that ServiceAccount tokens are exposed in the UI; because those tokens carry elevated view privileges, they grant unauthorized access to other models and APIs in the namespace. With an EPSS score of 0.10% and no current KEV listing, real-world exploitation activity is relatively low despite the high CVSS score of 8.8.

Technical Context

The vulnerability affects Red Hat OpenShift AI (formerly OpenShift Data Science) as identified by CPE cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:* and cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*. The issue is classified as CWE-305 (Authentication Bypass by Primary Weakness), indicating a fundamental flaw in how the platform validates authentication tokens across different models within a namespace. When deploying AI models through the UI with authentication protection enabled, the system improperly shares ServiceAccount tokens across all models in the same namespace, effectively breaking the intended isolation between protected models.

Affected Products

Red Hat OpenShift AI (all versions) and Red Hat OpenShift Data Science (all versions) are affected by this vulnerability, as indicated by the CPE identifiers cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:* and cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*. The vulnerability was reported by Red Hat's security team ([email protected]) and is tracked in Red Hat Bugzilla as bug 2303094. Additional details are available in the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2024-7557.

Remediation

Apply the patch provided in the opendatahub-io/odh-dashboard GitHub repository pull request #3198 (https://github.com/opendatahub-io/odh-dashboard/pull/3198), which addresses the authentication bypass issue. Organizations should review the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2024-7557 for specific version updates and patch availability. As an immediate mitigation, limit access to the OpenShift AI UI to trusted users only, implement namespace-level RBAC policies to restrict ServiceAccount permissions, and monitor for unusual cross-model access patterns using OpenShift audit logs.
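One way to do the audit-log monitoring recommended above, added here as an illustration and not code from vuln.today, Red Hat or the odh-dashboard project. It assumes Kubernetes audit events in JSON-lines form, that each deployed model is a KServe InferenceService, and a hypothetical SA_OWNER mapping from each model's ServiceAccount to the one model it should touch; the audit events below are constructed samples.

```python
import json

# Constructed sample audit events (JSON lines), not captured from a real cluster.
# Line 2 and 3 show one model's ServiceAccount reading another model and the
# namespace's secrets, which is the cross-model access CVE-2024-7557 permits.
SAMPLE_AUDIT_LOG = r'''
{"kind":"Event","apiVersion":"audit.k8s.io/v1","user":{"username":"system:serviceaccount:ds-project:model-a-sa"},"verb":"get","objectRef":{"resource":"inferenceservices","namespace":"ds-project","name":"model-a"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","user":{"username":"system:serviceaccount:ds-project:model-a-sa"},"verb":"get","objectRef":{"resource":"inferenceservices","namespace":"ds-project","name":"model-b"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","user":{"username":"system:serviceaccount:ds-project:model-a-sa"},"verb":"list","objectRef":{"resource":"secrets","namespace":"ds-project"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","user":{"username":"system:serviceaccount:ds-project:model-b-sa"},"verb":"get","objectRef":{"resource":"inferenceservices","namespace":"ds-project","name":"model-a"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","user":{"username":"kube:admin"},"verb":"get","objectRef":{"resource":"inferenceservices","namespace":"ds-project","name":"model-b"},"responseStatus":{"code":200}}
'''

# Hypothetical inventory: model ServiceAccount -> (namespace, InferenceService it serves).
# In practice this would be built from the cluster's own InferenceService objects.
SA_OWNER = {
    "system:serviceaccount:ds-project:model-a-sa": ("ds-project", "model-a"),
    "system:serviceaccount:ds-project:model-b-sa": ("ds-project", "model-b"),
}


def find_cross_model_access(log_text, sa_owner=SA_OWNER):
    """Return one finding per successful request in which a model ServiceAccount
    touched anything other than its own InferenceService."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        user = ev.get("user", {}).get("username", "")
        if user not in sa_owner:
            continue  # human user, controller or unknown SA: out of scope here
        if ev.get("responseStatus", {}).get("code", 0) >= 400:
            continue  # request was denied, so RBAC held; not a finding
        ns, model = sa_owner[user]
        ref = ev.get("objectRef", {})
        own_model = (ref.get("namespace") == ns
                     and ref.get("resource") == "inferenceservices"
                     and ref.get("name") == model)
        if not own_model:
            findings.append({"sa": user, "verb": ev.get("verb"),
                             "resource": ref.get("resource"),
                             "name": ref.get("name")})
    return findings


if __name__ == "__main__":
    for f in find_cross_model_access(SAMPLE_AUDIT_LOG):
        print(f"ALERT cross-model access: {f}")
```

After the patch is applied, the same query should only ever surface the model's own InferenceService, so any remaining hit is worth investigating as a stale or leaked token.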

Priority Score: 44 (scale: Low / Medium / High / Critical)
Score components: KEV: 0, EPSS: +0.1, CVSS: +44, POC: 0
