3 matches found
GO-2025-3562 Kyverno ignores subjectRegExp and IssuerRegExp in github.com/kyverno/kyverno
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the matchSignatures function in cosign.go, which does not check for subjectRegExp or issuerRegExp values during artifact signature verification. An attacker can deploy unauthorized...
Kyverno ignores subjectRegExp and IssuerRegExp
Summary: Kyverno ignores subjectRegExp and IssuerRegExp while verifying an artifact's signature in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by an unexpected certificate. Details: Kyverno checks only subject and issuer fields when verifying an...