CVE-2026-15063
Received Received - Intake

Unauthenticated Access to Metrics in TrustyAI Service Operator

Vulnerability report for CVE-2026-15063, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: Red Hat, Inc.

Description

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing the kube-rbac-proxy and its authentication mechanisms. This could lead to unauthorized access to the orchestrator and detector metrics.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
redhat trustyai_service_operator *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the gorch service template of the TrustyAI Service Operator. Even when authentication is enabled, the gorch service exposes the orchestrator and detector metrics ports (8032 and 8080) directly without proxying through the kube-rbac-proxy. This means that any pod within the cluster network can access these ports directly, bypassing the intended authentication mechanisms.

The root cause is that the gorch service template publishes these ports openly, and unlike other systems, it does not switch to proxied-only ports when authentication is enabled. Additionally, there is no NetworkPolicy in place to restrict access, resulting in unauthorized access to sensitive metrics.

Impact Analysis

This vulnerability can lead to unauthorized access to the orchestrator and detector metrics ports within a Kubernetes cluster. Any pod on the cluster network can bypass authentication and access sensitive metrics data directly.

Such unauthorized access could expose sensitive operational information, potentially aiding attackers in understanding the system's internal state or exploiting further weaknesses. It represents a security risk by circumventing established access controls.

Detection Guidance

This vulnerability can be detected by checking if the gorch service exposes ports 8032 (orchestrator) and 8080 (detector metrics) directly without authentication, allowing access from any pod in the cluster network.

You can use network scanning or port checking commands within your Kubernetes cluster to verify if these ports are accessible without authentication.

  • Use kubectl to port-forward and test access: kubectl port-forward svc/gorch 8032:8032 and kubectl port-forward svc/gorch 8080:8080, then attempt to access these ports locally.
  • From a pod inside the cluster, use curl or wget to test access: curl http://gorch-service:8032/metrics and curl http://gorch-service:8080/metrics to see if metrics are accessible without authentication.
  • Use network scanning tools like nmap from within the cluster to scan the gorch service IP for open ports 8032 and 8080.
Mitigation Strategies

Immediate mitigation steps include restricting access to the exposed ports 8032 and 8080 by implementing NetworkPolicies to limit which pods can communicate with the gorch service on these ports.

Since the gorch service bypasses kube-rbac-proxy authentication on these ports, enforcing network-level restrictions is critical.

  • Create Kubernetes NetworkPolicies that deny all traffic to ports 8032 and 8080 except from trusted pods.
  • Review and update the gorch service configuration to avoid exposing these ports directly if possible.
  • Monitor and audit access logs to detect any unauthorized access attempts to these ports.
Compliance Impact

This vulnerability allows unauthorized access to sensitive orchestrator and detector metrics ports within a cluster, bypassing authentication mechanisms. Such unauthorized access could lead to exposure of sensitive operational data or system metrics.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, unauthorized access to internal service metrics could potentially violate security requirements mandated by these regulations, which require strict access controls and protection of sensitive data.

Therefore, this vulnerability may negatively impact compliance with common security standards and regulations by failing to enforce proper authentication and network-level access controls.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15063. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart