TrustyAI Explainability Toolkit Command Injection Vulnerability in LMEvalJob Custom Resource

Vulnerability

A command injection vulnerability exists in the TrustyAI Explainability toolkit. This issue allows arbitrary commands to be executed in the terminal of the LMEvalJob pod. The vulnerability arises when a user with permission to deploy a LMEvalJob custom resource (CR) crafts a maliciously designed CR, exploiting certain fields that can escape the intended command execution context.

Impact

Exploitation of this vulnerability allows for command injection, where arbitrary commands can be executed in the context of the LMEvalJob pod.

Added: Jun 20, 2025, 6:26 PM

Updated: Jun 20, 2025, 6:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TrustyAI Explainability Toolkit Command Injection Vulnerability in LMEvalJob Custom Resource

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating