207 matches found
Unauthorized Object Creation And Deletion
kcp is vulnerable to unauthorized object creation and deletion. The vulnerability is due to improper enforcement of access controls in the APIExport VirtualWorkspace, allowing object creation and deletion in arbitrary workspaces without proper authorization checks...
GO-2025-3538 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp...
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
PT-2025-12365
Name of the Vulnerable Software and Affected Versions kcp versions prior to 0.26.3 Description The issue allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources, even if there is no APIBinding in that workspace or the...
Linux Distros Unpatched Vulnerability : CVE-2020-10663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability...
Samba 权限许可和访问控制问题漏洞
Samba is a Samba open source suite of standard Windows interoperability programs for Linux and Unix. Samba suffers from a Permission Permission and Access Control Issue vulnerability that stems from the lack of access control lists during object creation, which can lead to unexpected elevation of...
Pulp incorrectly assigns RBAC permissions in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...
Pulp 安全漏洞
Pulp is an open source project from Pulp Open Source that enables developers to easily fetch, upload and distribute software packages locally or in the cloud. A security vulnerability exists in Pulp that stems from a problem with the way role-based access control objects are assigned permissions ...
Improper Authorization
silverstripe/cms is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission checks during SiteTree object creation, allowing unauthorized users to create new SiteTree objects...
CVE-2023-39478
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...
CVE-2023-45808
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...
CVE-2023-45808 iTop missing silo check on extkey in console and portal
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...
CVE-2023-45808 iTop missing silo check on extkey in console and portal
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...
CVE-2023-45808
CVE-2023-45808 – iTop silo check bypass Affected software: Combodo iTop (IT service management platform). Issue: When creating or updating objects, extkey values aren’t checked against the current user silo, allowing forged HTTP requests to reference out-of-silo objects (e.g., a UserRequest in an...
iTop 安全漏洞
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.10, 3.0.4, 3.1.1, and 3.2.0 that stems from permissions that do not check the extkey value when creating or updating an object...
Prototype Pollution
mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to insecure object creation and improper user input sanitization which is passed through the parserFn method in both textparser.js and binaryparser.js...
mysql2 vulnerable to Prototype Poisoning
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...