Adam Bellusci

**Name of the Vulnerable Software and Affected Versions** OpenShift AI versions prior to 2.9 **Description** A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. **Recommendations** For OpenShift AI versions prior to 2.9, upgrade to version 2.9 to resolve the issue. As a temporary workaround, consider restricting access to the exposed ServiceAccount tokens and limiting the use of elevated view privileges associated with the ServiceAccount. Avoid using the `token` variable in the `oc --token={token}` command until the issue is resolved.