Kubernetes
CVE-2024-7557
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
AnalysisAI
A critical authentication bypass vulnerability exists in Red Hat OpenShift AI/OpenShift Data Science that allows attackers to escalate privileges and access multiple AI models within the same namespace using credentials from any single authenticated model. The vulnerability stems from ServiceAccount tokens being exposed in the UI, which can be exploited to gain unauthorized access to other models and APIs in the namespace with elevated view privileges. With an EPSS score of 0.10% and no current KEV listing, the vulnerability has relatively low real-world exploitation activity despite its high CVSS score of 8.8.
Technical ContextAI
The vulnerability affects Red Hat OpenShift AI (formerly OpenShift Data Science) as identified by CPE cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:* and cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*. The issue is classified as CWE-305 (Authentication Bypass by Primary Weakness), indicating a fundamental flaw in how the platform validates authentication tokens across different models within a namespace. When deploying AI models through the UI with authentication protection enabled, the system improperly shares ServiceAccount tokens across all models in the same namespace, effectively breaking the intended isolation between protected models.
RemediationAI
Apply the patch provided in the opendatahub-io/odh-dashboard GitHub repository pull request #3198 (https://github.com/opendatahub-io/odh-dashboard/pull/3198) which addresses the authentication bypass issue. Organizations should review the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2024-7557 for specific version updates and patch availability. As an immediate mitigation, limit access to the OpenShift AI UI to trusted users only, implement namespace-level RBAC policies to restrict ServiceAccount permissions, and monitor for unusual cross-model access patterns using OpenShift audit logs.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-305 – Authentication Bypass by Primary Weakness
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today