3 matches found
GO-2025-3985 kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp...
GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...