Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.4AI score0.0056EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:21 a.m.7 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.7AI score0.0056EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/21 7:16 p.m.6 views

CVE-2026-40868

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header...

8.1CVSS0.00289EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.13 views

PT-2026-34846

Name of the Vulnerable Software and Affected Versions Kyverno versions prior to 1.18.0 Kyverno versions prior to 1.17.2 Kyverno versions prior to 1.16.4 Description The apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP request...

9.1CVSS5.9AI score0.0056EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2026/01/27 6:2 p.m.16 views

Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Summary Unbounded memory consumption in Kyverno's policy engine allows users with policy creation privileges to cause Denial of Serviceby crafting policies that exponentially amplify string data through context variables. Details For example, the random JMESPath function in...

7.7CVSS5.9AI score0.00531EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/01/27 4:10 p.m.4 views

CVE-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...

7.7CVSS5.9AI score0.00531EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:10 p.m.3 views

CVE-2026-23881

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...

7.7CVSS5.9AI score0.00531EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/01/27 4:7 p.m.5 views

EUVD-2026-4811

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-2862

Malicious code in bioql PyPI...

7.1CVSS6.8AI score0.00261EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1825

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00497EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-7996

Malicious code in bioql PyPI...

8CVSS5.4AI score0.00317EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 4:21 a.m.9 views

CVE-2023-42815

Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch...

5.3CVSS6.9AI score0.00671EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/02 3:15 p.m.14 views

CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

8.5CVSS6.7AI score0.00618EPSS
Exploits1References1
NVD
NVD
added 2025/04/30 3:16 p.m.55 views

CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

8.5CVSS0.00618EPSS
Exploits1References2
CVE
CVE
added 2025/04/30 2:55 p.m.224 views

CVE-2025-46342

Kyverno CVE-2025-46342 affects policy rules using namespace selectors in match statements. Prior to versions 1.13.5 and 1.14.0, a missing error propagation in GetNamespaceSelectorsFromNamespaceLister (pkg/utils/engine/labels.go) may cause those rules to be ignored during admission review, bypassi...

8.5CVSS8.4AI score0.00618EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/03/24 4:38 p.m.276 views

CVE-2025-29778

Kyverno (policy engine for cloud-native platforms) contains a vulnerability prior to version 1.14.0-alpha.1 where artifact verification in keyless mode ignores subjectRegExp and IssuerRegExp, allowing deployment of Kubernetes resources signed with an unexpected certificate and potentially full cl...

8CVSS7.1AI score0.00317EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/11/14 8:59 p.m.11 views

CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

7.1CVSS6.8AI score0.00261EPSS
Exploits0References3
Rows per page
Query Builder