VDB

CISA-2025-29778

CISA-2025-29778 PUBLISHED CVSS 5.8 MEDIUM

Reported by GitHub_M · Published March 24, 2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Risk Scores

CVSS 3.1
5.8
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Affected Products

VendorProductVersions
kyvernokyverno< 1.14.0-alpha.1
kyvernokyverno< 1.14.0-alpha.1, < 1.14.0-alpha.1

Timeline

  • Mar 24, 2025 CVE Published
  • Mar 24, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›