Cyber Resilience

CVE-2024-7557

High

Published: 12 August 2024

Published
12 August 2024
Modified
19 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0031 54.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7557 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Redhat Openshift Ai. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 45.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AI Model Inference API Access (AML.T0040).

EU & UK References

Vulnerability details

A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model…

more

can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
OpenShift AI is an enterprise platform for deploying and managing AI/ML models, fitting the 'Other Platforms' category as it handles model serving, authentication, and namespace-based access control for AI workloads.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1078.004 Cloud Accounts Stealth
Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1528 Steal Application Access Token Credential Access
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
T1552.007 Container API Credential Access
Adversaries may gather credentials via APIs within a containers environment.
T1651 Cloud Administration Command Execution
Adversaries may abuse cloud management services to execute commands within virtual machines.
Why these techniques?

CVE exposes ServiceAccount tokens in UI (T1552.007, T1528), enabling their theft and misuse as valid cloud accounts for auth bypass (T1078.004), privilege escalation via vuln exploitation (T1068), and elevated cloud admin commands with oc CLI (T1651).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0040: AI Model Inference API Access

Affected Assets

redhat
openshift ai
all versions
redhat
openshift data science
all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References