CVE-2024-48921 — Vulnetix

CVE-2024-48921 PUBLISHED

Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0.

EPSS 0.33% · 55.7th percentile

Risk Scores

EPSS Score

0.33%

55.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	kyverno	0
Bitnami	kyverno	0

Timeline

Jan 21, 1970 Security Advisory
Oct 29, 2024 CVE Published
Oct 29, 2024 Coalition ESS Score
Oct 29, 2024 PoC Published
Oct 30, 2024 EPSS Score
Nov 1, 2024 Coalition ESS Score
Nov 7, 2024 CVE Updated
Nov 7, 2024 Coalition ESS Score
Nov 17, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 24, 2024 EPSS Score
Jan 11, 2025 EPSS Score

References

https://github.com/kyverno/kyverno/security/advisories/GHSA-qjvc-p88j-j9rm url
https://nvd.nist.gov/vuln/detail/CVE-2024-48921 url

Open in Interactive Console →