Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7159

Malicious code in bioql PyPI...

9.6CVSS5.4AI score0.00348EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/03/29 3:3 a.m.4 views

SUSE CVE-2025-29922

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS6.9AI score0.00348EPSS
Exploits0References3
Veracode
Veracode
added 2025/03/28 2:37 a.m.10 views

Unauthorized Object Creation And Deletion

kcp is vulnerable to unauthorized object creation and deletion. The vulnerability is due to improper enforcement of access controls in the APIExport VirtualWorkspace, allowing object creation and deletion in arbitrary workspaces without proper authorization checks...

9.6CVSS7.1AI score0.00348EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/25 7:38 p.m.29 views

GO-2025-3538 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp...

9.6CVSS9.3AI score0.00348EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/22 6:7 p.m.17 views

CVE-2025-29922

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS6.8AI score0.00348EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/20 6:49 p.m.1 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

9.6CVSS7AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 6:49 p.m.1 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

9.6CVSS7AI score0.00348EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 6:49 p.m.10 views

GHSA-W2RR-38WV-8RRP kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...

9.6CVSS7AI score0.00348EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/03/20 6:49 p.m.25 views

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...

9.6CVSS6.7AI score0.00348EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/03/20 6:15 p.m.12 views

CVE-2025-29922

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS0.00348EPSS
Exploits0References3
CVE
CVE
added 2025/03/20 5:49 p.m.147 views

CVE-2025-29922

The CVE-2025-29922 issue affects kcp (the Kubernetes-like control plane) prior to 0.26.3, where the APIExport VirtualWorkspace can create or delete objects in any target workspace even without an APIBinding. Root cause: access controls around the APIExport VirtualWorkspace are insufficient, allow...

9.6CVSS9.2AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2025/03/20 5:49 p.m.11 views

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS5.3AI score0.00348EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/03/20 5:49 p.m.22 views

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS9.3AI score0.00348EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/20 5:49 p.m.29 views

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS0.00348EPSS
Exploits0References3
Rows per page
Query Builder