Lucene search

GitHub_MCVELIST:CVE-2023-33191

HistoryMay 30, 2023 - 6:06 a.m.

CVE-2023-33191 kyverno seccomp control can be circumvented

2023-05-3006:06:14

CWE-284

GitHub_M

www.cve.org

kyverno

kubernetes

seccomp

circumvention

patched

4.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.

CNA Affected

[
  {
    "vendor": "kyverno",
    "product": "kyverno",
    "versions": [
      {
        "version": ">= 1.9.2, < 1.9.4",
        "status": "affected"
      }
    ]
  }
]

References

github.com/kyverno/kyverno/pull/7263

github.com/kyverno/kyverno/releases/tag/v1.9.4

github.com/kyverno/kyverno/security/advisories/GHSA-33hq-f2mf-jm3c