Primary

Context

NVIDIA AIStore Elevated Access Vulnerability in AIS Operator

Vulnerability

A vulnerability exists in NVIDIA AIStore within the AIS Operator component, allowing users to gain elevated access to Kubernetes clusters. This issue arises from the ServiceAccount linked to the ClusterRole, and its exploitation could lead to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in unauthorized access to Kubernetes cluster resources, potentially allowing for elevated privileges and access to sensitive information.

Remediation

Users can upgrade to NVIDIA AIStore on Kubernetes version 2.3.0 to address this vulnerability. Instructions for downloading this update are available on the NVIDIA AIStore on Kubernetes GitHub page.

Added: Jun 24, 2025, 6:17 PM

Updated: Jun 24, 2025, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA AIStore Elevated Access Vulnerability in AIS Operator

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating