BIT-KYVERNO-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

SUSE CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

GO-2025-3652 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements in github.com/kyverno/kyverno

Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements in github.com/kyverno/kyverno...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of namespace selectors in the GetNamespaceSelectorsFromNamespaceLister function in labels.go. An attacker can bypass policy rules using malicious requests...

CVE-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

GHSA-JRR2-X33P-6HVC Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Summary Due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing. As a consequence...

Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements

Summary Due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing. As a consequence...

PT-2025-18296 · Kyverno · Kyverno

Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.13.5 and 1.14.0 Description: The issue concerns a policy engine where policy rules using namespace selectors in their match statements may not be applied correctly due to a missing error propagation in the...