Affected by GO-2024-3325
and 3 other vulnerabilities
GO-2024-3325: kcp's impersonation allows access to global administrative groups in github.com/kcp-dev/kcp
GO-2025-3538: kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp
GO-2025-3985: kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp
GO-2026-5088: kcp's cache server is accessible without authentication or authorization checks in github.com/kcp-dev/kcp
Package authorization provides mechanisms for enforcing authorization to Workspace resources in KCP. This package is largely inspired by openshift/openshift-apiserver/pkg/project/auth: https://github.com/openshift/openshift-apiserver/blob/9271466bfd02a9eb02fb5a43c8b9ff1ced76aca9/pkg/project/auth