- EPSS 0.03%
- Veröffentlicht 28.10.2025 13:31:59
- Zuletzt bearbeitet 12.11.2025 17:15:36
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-...
CVE-2025-10725
- EPSS 0.09%
- Veröffentlicht 30.09.2025 18:15:47
- Zuletzt bearbeitet 06.11.2025 22:15:38
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. Thi...
CVE-2025-57852
- EPSS 0.01%
- Veröffentlicht 30.09.2025 15:15:53
- Zuletzt bearbeitet 07.11.2025 01:15:36
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute comma...
CVE-2025-6193
- EPSS 0.07%
- Veröffentlicht 20.06.2025 15:54:13
- Zuletzt bearbeitet 02.09.2025 19:15:32
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via ...
CVE-2024-7557
- EPSS 0.07%
- Veröffentlicht 12.08.2024 13:38:43
- Zuletzt bearbeitet 18.09.2024 07:15:04
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, cre...