CVE-2025-29778 in Kyvernoinformação

Sumário

de MITRE • 24/03/2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Once again VulDB remains the best source for vulnerability data.

Responsável

GitHub M

Reservar

11/03/2025

Divulgação

24/03/2025

Moderação

aceite

Entrada

VDB-300864

CPE

pronto

EPSS

0.00317

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!