9 matches found
AZL-75395 CVE-2025-14459 affecting package cloud-provider-kubevirt 0.5.1-3
A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
AZL-75404 CVE-2025-14459 affecting package containerized-data-importer 1.62.0-2
A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
AZL-75494 CVE-2025-14459 affecting package kubevirt 0.59.0-38
A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...
EUVD-2025-36503
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103
CVE-2025-12103 affects Red Hat OpenShift AI Service (TrustyAI). The component creates a role trustyai-service-operator-lmeval-user-role and a ClusterRoleBinding trustyai-service-operator-default-lmeval-user-rolebinding applied to system:authenticated, granting every authenticated user/service acc...
CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
CVE-2025-12103
A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...
PT-2025-44155
Name of the Vulnerable Software and Affected Versions Red Hat Openshift AI Service affected versions not specified Description A flaw exists in the TrustyAI component of Red Hat Openshift AI Service. This component grants all service accounts and users within a cluster permissions to retrieve,...