2 matches found
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...
Moderate: Red Hat Security Advisory: pcs security, bug fix, and enhancement update
An updated pcs package that fixes one security issue, several bugs, and add various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...