CVE-2022-47633
CVSS base score: 8.1

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This has been fixed in 1.8.5, and mitigations are available for impacted releases.
Data provided by the National Vulnerability Database (NVD)

Affected configurations (vendor, product, version):
Kyverno, Kyverno, version 1.8.3
Kyverno, Kyverno, version 1.8.4

No advisory was found for this CVE.

EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.96% | 0.568

CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287: Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References:
https://github.com/kyverno/kyverno/compare/v1.8.4...v1.8.5 (Patch, Third Party Advisory)
https://github.com/kyverno/kyverno/pull/5713 (Patch, Third Party Advisory)
https://github.com/kyverno/kyverno/releases/tag/v1.8.5 (Third Party Advisory, Release Notes)
https://github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm (Patch, Third Party Advisory)
https://kyverno.io/docs/writing-policies/verify-images/ (Product)