2 matches found
Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements
Summary Due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing. As a consequence...
PT-2025-18296 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.13.5 and 1.14.0 Description: The issue concerns a policy engine where policy rules using namespace selectors in their match statements may not be applied correctly due to a missing error propagation in the...