A high-severity vulnerability, CVE-2024-7557, was detected in OpenShift AI versions before 2.9. It allows attackers to bypass authentication and escalate privileges by exploiting exposed ServiceAccount tokens, gaining unauthorized access to other AI models and APIs within the same namespace. To fix this problem, users should upgrade OpenShift AI to version 2.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7557.
OpenShift AI: Exposes Models to Unauthorized Access
by the Hossted team
02.09.2024