CVE-2023-34091

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

Resolving Pending State During Cluster Removal with k10multicluster Tool

Challenge This article helps in finding and deleting long-running finalizers that are waiting on other resources and can cause deletions to appear stuck in the terminating state. Description: When Kubernetes attempts to delete the cluster object that has finalizers "dist.kio.kasten.io/debootstrap...

GHSA-HQ4M-4948-64CC Kyverno resource with a deletionTimestamp may allow policy circumvention

Impact In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation occurs as resources pending deletion were bei...

Kyverno resource with a deletionTimestamp may allow policy circumvention

Impact In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation occurs as resources pending deletion were bei...

SUSE CVE-2023-34091

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

CVE-2023-34091

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

Design/Logic Flaw

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

PT-2023-24664 · Unknown +1 · Kubernetes +3

Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.10.0 Description: The issue allows resources with the deletionTimestamp field defined to bypass validate, generate, or mutate-existing policies, even when the validationFailureAction field is set to Enforce. This...

GO-2020-0031

Due to improper setting of finalizers, memory passed to C may be freed before it is used, leading to crashes due to memory corruption or possible code execution...

GO-2020-0002

The Data, Context, or Key finalizers might run during or before GPGME operations. This will release the C structures that are still in use, leading to crashes and potentially code execution through a use-after-free...