5 matches found
CVE-2025-29922
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922
creationtimestamp| type| source ---|---|--- 2025-03-20 18:20:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8255 2025-03-20 18:40:13+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lktdvxogex2g 2025-03-20 19:00:50+00:00| seen|...
CVE-2025-29922
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922
The CVE-2025-29922 issue affects kcp (the Kubernetes-like control plane) prior to 0.26.3, where the APIExport VirtualWorkspace can create or delete objects in any target workspace even without an APIBinding. Root cause: access controls around the APIExport VirtualWorkspace are insufficient, allow...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...