4 matches found
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
Summary: mcp-server-kubernetes exposes three environment variables (ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not ...
GHSA-CR22-WJX7-2W6M MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
Summary: mcp-server-kubernetes exposes three environment variables (ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not ...
GHSA-7853-GQQM-VCWX openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Affected: openclaw-claude-bridge v1.1.0. Issue: v1.1.0 spawns the Claude Code CLI subprocess with `--allowed-tools ""` and the release notes + README claim this "disables all CLI tools" for sandboxing. This claim is incorrect. Per the Claude Code CLI documentation, --allowed-tools alias --allowedTools...
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Affected: openclaw-claude-bridge v1.1.0. Issue: v1.1.0 spawns the Claude Code CLI subprocess with `--allowed-tools ""` and the release notes + README claim this "disables all CLI tools" for sandboxing. This claim is incorrect. Per the Claude Code CLI documentation, --allowed-tools alias --allowedTools...