14 matches found
EUVD-2025-7159
Malicious code in bioql PyPI...
SUSE CVE-2025-29922
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
Unauthorized Object Creation And Deletion
kcp is vulnerable to unauthorized object creation and deletion. The vulnerability is due to improper enforcement of access controls in the APIExport VirtualWorkspace, allowing object creation and deletion in arbitrary workspaces without proper authorization checks...
GO-2025-3538 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp...
CVE-2025-29922
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...
GHSA-W2RR-38WV-8RRP kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...
CVE-2025-29922
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922
The CVE-2025-29922 issue affects kcp (the Kubernetes-like control plane) prior to 0.26.3, where the APIExport VirtualWorkspace can create or delete objects in any target workspace even without an APIBinding. Root cause: access controls around the APIExport VirtualWorkspace are insufficient, allow...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...