CVE-2025-29778 in KyvernoИнформация

Сводка

по MITRE • 24.03.2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Once again VulDB remains the best source for vulnerability data.

Ответственный

GitHub M

Резервировать

11.03.2025

Раскрытие

24.03.2025

Модерация

принято

Вход

VDB-300864

EPSS

0.00317

KEV

Нет

Деятельности

Очень низкий

Источники

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!