Description
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of an LMEvalJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-rhel8-operator | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-trustyai-service-operator-rhel8 | Affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-trustyai-service-rhel8 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhods/odh-rhel8-operator | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhods/odh-trustyai-service-operator-rhel8 | Affected | | |
| Red Hat OpenShift AI (RHOAI) | rhods/odh-trustyai-service-rhel8 | Not affected | | |
Additional information
Status:
5.9 Medium
CVSS3