Wed, 18 Sep 2024 14:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | threat_severity | threat_severity |
Wed, 18 Sep 2024 06:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 | cvssV3_1 |
Tue, 13 Aug 2024 17:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | NVD-CWE-Other | |
| CPEs | cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:* | 
Fri, 09 Aug 2024 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Thu, 08 Aug 2024 21:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | No description is available for this CVE. | A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | 
| Title | odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI | Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai | 
| First Time appeared | Redhat Redhat openshift Ai Redhat openshift Data Science | |
| CPEs | cpe:/a:redhat:openshift_ai cpe:/a:redhat:openshift_data_science | |
| Vendors & Products | Redhat Redhat openshift Ai Redhat openshift Data Science | |
| References |  | 
Wed, 07 Aug 2024 13:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | No description is available for this CVE. | |
| Title | odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI | |
| Weaknesses | CWE-200 CWE-284 | |
| References |  | |
| Metrics | threat_severity | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-08-08T21:33:14.505Z
Updated: 2025-09-12T10:59:28.581Z
Reserved: 2024-08-06T11:08:34.986Z
Link: CVE-2024-7557
Vulnrichment
Updated: 2024-08-09T13:52:17.412Z
NVD
Status: Modified
Published: 2024-08-12T13:38:43.727
Modified: 2024-09-18T07:15:04.293
Link: CVE-2024-7557
 Redhat