
5 matches found

Patchstack
added 2026/05/21 8:33 p.m., 3 views

NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement vulnerability discovered by ? in WordPress Npm mcp-server-kubernetes versions 3.6.0...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2026/05/21 8:33 p.m., 9 views

MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary: mcp-server-kubernetes exposes three environment variables (ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not ...

AI score: 6
Exploits: 0, References: 2, Affected Software: 1
Talos
added 2022/02/28 12:0 a.m., 75 views

MZ Automation GmbH libiec61850 parseNormalModeParameters denial of service vulnerability

Summary: A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00446
Exploits: 1
Hacker One
added 2018/05/01 4:49 p.m., 34 views

GitLab: XSS (Persistent) - Selecting role(s) for protected branches

Summary: When using the dropdown that selects the groups or users that are allowed to push or merge to a protected branch within a project, it is possible to trigger a XSS with a malicious user name string. Description: This vulnerability is similar to the recently announced CVE-2018-10379. The...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00062
Exploits: 0
Fedora
added 2014/11/05 3:57 a.m., 16 views

[SECURITY] Fedora 20 Update: php-Smarty-3.1.21-1.fc20

Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stre...

CVSS: 7.5, AI score: 1.2, EPSS: 0.00473
Exploits: 1