
Joonas

#18406 of 53,624
14.7 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-37158
6.5
2026-05-04
Unknown · Distribution · CVE-2026-41888
**Name of the Vulnerable Software and Affected Versions**

Distribution versions prior to 3.1.1

**Description**

An authorization bypass exists where tag deletion via the `/v2/<name>/manifests/<tag>` endpoint ignores the `storage.delete.enabled: false` configuration. This allows any API client to remove tags from repositories even when the operator has explicitly disabled deletion. The issue occurs because the `DeleteManifest()` function detects a tag reference and calls `tagStore.Untag()`, which interacts with the storage driver directly without verifying if deletes are enabled.

**Recommendations**

Update to version 3.1.1.
PT-2026-23725
8.2
2026-03-06
Zarf · Zarf · CVE-2026-29064
**Name of the Vulnerable Software and Affected Versions**

Zarf versions 0.54.0 through 0.73.0

**Description**

Zarf, an Airgap Native Packager Manager for Kubernetes, contains a path traversal flaw in its archive extraction process. A specially designed Zarf package can create symbolic links that point to locations outside the intended destination directory. This could allow for unauthorized reading or writing of files on the system processing the package.

**Recommendations**

Update to Zarf version 0.73.1 or later.