CVE-2024-7557
published 2024-08-12CVE-2024-7557: A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.93%
56.2th percentile
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect use of ServiceAccount tokens exposed via the OpenShift AI UI being leveraged with the oc CLI to access resources beyond the originating model, indicating cross-model authentication bypass ↗
- →Monitor for ServiceAccount tokens from one model namespace being reused to authenticate against other models or APIs within the same namespace, which is the core exploitation pattern for this CVE ↗
- →Alert on lateral movement patterns where a single ServiceAccount token is used to access multiple distinct model endpoints or Kubernetes API resources within the same namespace, indicating privilege escalation ↗
- ·Affected components are odh-dashboard-container and odh-model-controller-container in Red Hat OpenShift AI (RHOAI); rhods/odh-model-controller-rhel8 in RHODS is also affected. rhods/odh-dashboard-rhel8 (RHODS) is marked 'Will not fix'. ↗
- ·No mitigation is currently available that meets Red Hat Product Security criteria; defenders should rely on detection and monitoring rather than configuration-based remediation. ↗
- ·The vulnerability is scoped to models within the same namespace; cross-namespace exploitation is not described. Detection logic should be namespace-aware. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI
vendor_redhat·2024-08-07·CVSS 8.8
CVE-2024-7557 [HIGH] CWE-305 odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI
odh-dashboard: odh-model-controller: Cross-Model Authentication Bypass in OpenShift AI
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same names
GHSA
GHSA-rrc7-8w2h-xw89: A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace
ghsa_unreviewed·2024-08-12
CVE-2024-7557 [HIGH] CWE-284 GHSA-rrc7-8w2h-xw89: A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-12
Published