CVE-2026-5483
- EPSS 0.07%
- Published 10.04.2026 17:33:25
- Last modified 21.04.2026 19:51:11
A flaw was found in odh-dashboard in Red Hat OpenShift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable...
CVE-2025-12805
- EPSS 0.01%
- Published 26.03.2026 21:48:16
- Last modified 30.04.2026 16:21:05
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the ll...
CVE-2026-23536
- EPSS 0.1%
- Published 20.03.2026 21:58:47
- Last modified 23.03.2026 14:32:02
A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker ca...
- EPSS 0.03%
- Published 28.10.2025 13:31:59
- Last modified 23.04.2026 18:16:22
A flaw was found in Red Hat OpenShift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-...
CVE-2025-10725
- EPSS 0.16%
- Published 30.09.2025 18:15:47
- Last modified 15.04.2026 00:35:42
A flaw was found in Red Hat OpenShift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. Thi...
CVE-2025-57852
- EPSS 0.01%
- Published 30.09.2025 15:15:53
- Last modified 15.04.2026 00:35:42
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute comma...
CVE-2025-6193
- EPSS 0.39%
- Published 20.06.2025 15:54:13
- Last modified 15.04.2026 00:35:42
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of an LMEvalJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via ...
CVE-2024-7557
- EPSS 0.31%
- Published 12.08.2024 13:38:43
- Last modified 19.03.2026 17:16:20
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, cre...