3 matches found
CVE-2026-22039 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker with create pod permission could access local git repositories belonging to other pods on the same node by exploiting this vulnerability. Notes: 1 This is only exploitable if the cluster still uses...
CVE-2023-3027
The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...