PT-2026-56473 · Red Hat · Red Hat Openshift

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-15063

CVSS v3.1

6.3

Média

VetorAV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics.

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15063

Produtos afetados

Red Hat Openshift