Technical description
Kubernetes Service Account token disclosure via a NodeJS endpoint in the odh-dashboard component of Red Hat OpenShift AI. CVSS 8.5. Allows unauthenticated access to Kubernetes resources and potential cluster compromise.
Attack vector
Unauthenticated access to an exposed API endpoint in odh-dashboard leaks Kubernetes Service Account tokens, enabling lateral movement within OpenShift clusters.
Affected systems
Red Hat OpenShift AI deployments using the odh-dashboard component.
Mitigation
Apply the Red Hat security patch immediately. Review and rotate any exposed Kubernetes Service Account tokens. Audit cluster access logs for suspicious activity, in particular use of the exposed tokens from unexpected sources.
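As an added example of the audit step above (not part of the advisory and not Red Hat's code), the following flags Kubernetes API audit events in which a watched service account authenticated from outside the expected pod network. The service account name, namespace and pod CIDR are assumptions, and the sample audit events are constructed.

```python
# Added example, not from the advisory. Flags Kubernetes API audit events in which
# a watched service account authenticated from outside the expected pod network.
# Assumed (not on the page): JSON audit logging, the service account name
# "odh-dashboard" in namespace "redhat-ods-applications", and pod CIDR 10.128.0.0/14.
import ipaddress
import json

# Hypothetical watchlist of service accounts whose tokens may have been exposed.
WATCHED_ACCOUNTS = {"system:serviceaccount:redhat-ods-applications:odh-dashboard"}
# Hypothetical pod network; a watched account calling from elsewhere is suspicious.
EXPECTED_NETS = [ipaddress.ip_network("10.128.0.0/14")]


def is_expected_source(ip):
    """True if ip parses and lies inside one of the expected networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in EXPECTED_NETS)


def flag_suspicious(lines):
    """One finding per audit event where a watched account came from an unexpected IP."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        user = ev.get("user", {}).get("username", "")
        if user not in WATCHED_ACCOUNTS:
            continue
        ref = ev.get("objectRef", {})
        for ip in ev.get("sourceIPs", []):
            if not is_expected_source(ip):
                findings.append({"time": ev.get("requestReceivedTimestamp", ""),
                                 "sourceIP": ip, "verb": ev.get("verb", ""),
                                 "resource": ref.get("resource", ""),
                                 "namespace": ref.get("namespace", "")})
    return findings


# Constructed sample audit events: in-cluster use, out-of-cluster use of the same
# account, and an unrelated user from the same external address.
SAMPLE_AUDIT = """
{"requestReceivedTimestamp":"2024-01-01T10:00:00Z","user":{"username":"system:serviceaccount:redhat-ods-applications:odh-dashboard"},"sourceIPs":["10.129.2.15"],"verb":"get","objectRef":{"resource":"notebooks","namespace":"rhods-notebooks"}}
{"requestReceivedTimestamp":"2024-01-01T10:05:00Z","user":{"username":"system:serviceaccount:redhat-ods-applications:odh-dashboard"},"sourceIPs":["203.0.113.7"],"verb":"list","objectRef":{"resource":"secrets","namespace":"redhat-ods-applications"}}
{"requestReceivedTimestamp":"2024-01-01T10:06:00Z","user":{"username":"kube:admin"},"sourceIPs":["203.0.113.7"],"verb":"get","objectRef":{"resource":"pods","namespace":"default"}}
"""

if __name__ == "__main__":
    for finding in flag_suspicious(SAMPLE_AUDIT.splitlines()):
        print(finding)
```

Only the second event is reported: the same account is used from 203.0.113.7, outside the pod network, to list secrets. Feed real audit log lines (one JSON event per line) in place of SAMPLE_AUDIT.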