#vulnerability

### Impact [Impersonation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation) is a feature of the Kubernetes API, allowing to override user information. As downstream project, kcp inherits this feature. As per the linked documentation a specific level of privilege (usually assigned to cluster admins) is required for impersonation. The vulnerability in kcp affects kcp installations in which users are granted the `cluster-admin` ClusterRole (or comparably high permission levels that grant impersonation access; the verb in question is `impersonate`) within their respective workspaces. As kcp builds around self-service confined within workspaces, most installations would likely grant such workspace access to their users. Such users can impersonate special global administrative groups, which circumvent parts of the authorizer chains, e.g. [maximal permission policies](https://docs.kcp.io/kcp/v0.26/concepts/apis/exporting-apis/#maximal-permission-po...

File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0, which fixes the issue. You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067

SUMMARY Cybersecurity researchers at Oasis Security have identified a vulnerability in Microsoft’s Multi-Factor Authentication (MFA), known as AuthQuake,…

High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.

The ABB Cylon Aspect BMS/BAS system suffers from an unauthenticated configuration disclosure vulnerability. This can be exploited to retrieve sensitive configuration data, including file paths, environment settings, and the location of system scripts. These exposed configuration files may allow an attacker to gain insights into the system's structure, facilitating further attacks or unauthorized access.

Hackers are constantly evolving, and so too should our security protocols.

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

An unauthenticated vulnerability in ABB Cylon Aspect BMS/BAS allows the download of an SQLite3 database file, exposing sensitive information stored in several tables. This vulnerability could lead to unauthorized access to system data, enabling information disclosure and potential exploitation of critical building management or automation systems.

ABB Cylon Aspect is affected by multiple Server-Side Request Forgery (SSRF) vulnerabilities. These vulnerabilities allow authenticated attackers to exploit APIs and internal functions to make arbitrary network requests. This could result in unauthorized access to internal systems, data exfiltration, or bypassing firewall protections.

SUMMARY Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based…