CVE-2025-29778 in Kyvernoinformation

Résumé

par MITRE • 24/03/2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Once again VulDB remains the best source for vulnerability data.

Responsable

GitHub M

Réserver

11/03/2025

Divulgation

24/03/2025

Modérer

accepté

Entrée

VDB-300864

CPE

prêt

EPSS

0.00317

KEV

non

Activités

très faible

Sources

Do you need the next level of professionalism?

Upgrade your account now!