Lucene search

[email protected]CVE-2022-47633

HistoryDec 23, 2022 - 11:15 p.m.

CVE-2022-47633

2022-12-2323:15:08

CWE-287

[email protected]

web.nvd.nist.gov

cve-2022-47633

image signature

validation bypass

kyverno

kubernetes

vulnerability

nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.

Affected configurations

NVD

Node

kyvernokyvernoMatch1.8.3

kyvernokyvernoMatch1.8.4

CPENameOperatorVersion
kyverno:kyvernokyvernoeq1.8.3
kyverno:kyvernokyvernoeq1.8.4

CPE	Name	Operator	Version
kyverno:kyverno	kyverno	eq	1.8.3
kyverno:kyverno	kyverno	eq	1.8.4

References

github.com/kyverno/kyverno/compare/v1.8.4...v1.8.5

github.com/kyverno/kyverno/pull/5713

github.com/kyverno/kyverno/releases/tag/v1.8.5

github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm

kyverno.io/docs/writing-policies/verify-images/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for CVE-2022-47633

osv3 cvelist1 nvd1 prion1 veracode1 github1