AZL-75395 CVE-2025-14459 affecting package cloud-provider-kubevirt 0.5.1-3

A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...

AZL-75404 CVE-2025-14459 affecting package containerized-data-importer 1.62.0-2

A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...

AZL-75494 CVE-2025-14459 affecting package kubevirt 0.59.0-38

A flaw was found in KubeVirt Containerized Data Importer CDI. This vulnerability allows a user to clone PersistentVolumeClaims PVCs from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism...

EUVD-2025-36503

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVE-2025-12103

CVE-2025-12103 affects Red Hat OpenShift AI Service (TrustyAI). The component creates a role trustyai-service-operator-lmeval-user-role and a ClusterRoleBinding trustyai-service-operator-default-lmeval-user-rolebinding applied to system:authenticated, granting every authenticated user/service acc...

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVE-2025-12103 Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

PT-2025-44155

Name of the Vulnerable Software and Affected Versions Red Hat Openshift AI Service affected versions not specified Description A flaw exists in the TrustyAI component of Red Hat Openshift AI Service. This component grants all service accounts and users within a cluster permissions to retrieve,...