Unknown · Feast Feature Server · CVE-2026-23536
**Name of the Vulnerable Software and Affected Versions**
Feast Feature Server (affected versions not specified)
**Description**
A security issue exists in the Feast Feature Server that allows an unauthenticated remote attacker to read any file accessible to the server process. This is exploitable through the `/read-document` API endpoint by sending a specially crafted HTTP POST request, bypassing intended access restrictions. This could lead to the retrieval of sensitive system files, application configurations, and credentials. The root cause is flawed access controls. Exploitation of this issue can enable low-privileged users to gain cluster admin rights, potentially leading to full hybrid cloud compromise, data exfiltration, and AI workload disruption.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
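
An added example, not part of the original advisory or of the Feast project's code: a log-triage script that summarises POST requests to `/read-document` per client outside trusted networks. It assumes a reverse proxy in front of the server writing Combined Log Format; the sample lines, addresses and the `10.0.0.0/8` trusted range are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/read-document"  # endpoint named in the advisory
# Assumption: a reverse proxy in front of the server writes Combined Log Format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.0.0.5 - svc-ingest [12/Jan/2026:10:00:01 +0000] "POST /read-document HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.50 - - [12/Jan/2026:10:02:11 +0000] "POST /read-document HTTP/1.1" 200 2841 "-" "curl/8.5.0"',
    '203.0.113.50 - - [12/Jan/2026:10:02:12 +0000] "POST //read-document/ HTTP/1.1" 200 1190 "-" "curl/8.5.0"',
    '203.0.113.50 - - [12/Jan/2026:10:02:13 +0000] "POST /read-document HTTP/1.1" 500 87 "-" "curl/8.5.0"',
    '198.51.100.7 - - [12/Jan/2026:10:03:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.29"',
]

def normalise(target):
    """Strip the query, decode %-escapes, collapse repeated and trailing slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/")

def triage(lines, trusted_cidrs):
    """Summarise POSTs to ENDPOINT per client outside the trusted networks."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = defaultdict(lambda: {"requests": 0, "unauthenticated": 0, "succeeded": 0, "bytes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or normalise(m["target"]) != ENDPOINT:
            continue
        try:
            if any(ipaddress.ip_address(m["ip"]) in net for net in nets):
                continue  # expected caller
        except ValueError:
            pass  # hostname instead of an address: treat as untrusted
        h = hits[m["ip"]]
        h["requests"] += 1
        h["unauthenticated"] += m["user"] == "-"  # no authenticated user logged
        if m["status"].startswith("2"):  # 2xx: the request was served
            h["succeeded"] += 1
            h["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(hits)

if __name__ == "__main__":
    for ip, h in triage(SAMPLE, ["10.0.0.0/8"]).items():
        print(ip, h)
```

Clients with a non-zero `succeeded` count are the ones to review first, since their requests were served and returned data.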