2 matches found
CVE-2023-34091
Kyverno prior to 1.10.0 could allow policy circumvention when a resource with deletionTimestamp is pending deletion, because Kyverno exempted such resources to reduce load. This could enable a malicious user to leverage Kubernetes finalizers to trigger deletionTimestamp without enforcing policies...
CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...