BIT-KYVERNO-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0, Kyverno ignores subjectRegExp and issuerRegExp when verifying an artifact's signature in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by...
Kyverno ignores subjectRegExp and IssuerRegExp
Summary: Kyverno ignores subjectRegExp and issuerRegExp when verifying an artifact's signature in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by an unexpected certificate. Details: Kyverno checks only the subject and issuer fields when verifying an...
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the matchSignatures function in cosign.go, which does not check the subjectRegExp or issuerRegExp values during artifact signature verification. An attacker can deploy unauthorized...
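The three Kyverno entries above describe one defect: the matcher compares only the exact subject and issuer fields, so a policy whose constraint lives entirely in subjectRegExp and issuerRegExp accepts a signature from any Fulcio identity. The following Go program is an added example written for this page; it is not Kyverno's code and not the matchSignatures function from cosign.go. The Identity and KeylessAttestor types, matchVulnerable and matchFixed are constructed here to model the behaviour, the sample policy and signer identities are constructed, and anchoring the regular expressions with ^...$ is this example's own choice.

```go
package main

import (
	"fmt"
	"regexp"
)

// Identity is the signer identity recovered from a keyless (Fulcio-issued)
// signing certificate: the subject alternative name and the OIDC issuer.
type Identity struct {
	Subject string
	Issuer  string
}

// KeylessAttestor models the four identity constraints a policy may set.
// Every field is optional; a set field must hold for the signature to match.
type KeylessAttestor struct {
	Subject       string
	Issuer        string
	SubjectRegExp string
	IssuerRegExp  string
}

// matchVulnerable models the pre-1.14.0 behaviour described above: only the
// exact Subject and Issuer fields are compared, and the RegExp fields are
// silently ignored. A policy that expresses its constraint only through the
// regular expressions therefore accepts a signature from any identity.
func matchVulnerable(a KeylessAttestor, id Identity) bool {
	if a.Subject != "" && a.Subject != id.Subject {
		return false
	}
	if a.Issuer != "" && a.Issuer != id.Issuer {
		return false
	}
	return true
}

// matchFixed enforces all four constraints. The regular expressions are
// anchored (an assumption of this example) so a pattern cannot be satisfied
// by a substring of a longer, attacker-chosen identity.
func matchFixed(a KeylessAttestor, id Identity) (bool, error) {
	if !matchVulnerable(a, id) {
		return false, nil
	}
	if a.SubjectRegExp != "" {
		ok, err := anchoredMatch(a.SubjectRegExp, id.Subject)
		if err != nil || !ok {
			return false, err
		}
	}
	if a.IssuerRegExp != "" {
		ok, err := anchoredMatch(a.IssuerRegExp, id.Issuer)
		if err != nil || !ok {
			return false, err
		}
	}
	return true, nil
}

// anchoredMatch wraps pattern in ^(?:...)$ and reports whether value matches.
func anchoredMatch(pattern, value string) (bool, error) {
	re, err := regexp.Compile("^(?:" + pattern + ")$")
	if err != nil {
		return false, fmt.Errorf("invalid regular expression %q: %w", pattern, err)
	}
	return re.MatchString(value), nil
}

func main() {
	// Constructed policy: only the regexp constraints are set, as an operator
	// would do to allow any release workflow in one GitHub organisation.
	policy := KeylessAttestor{
		SubjectRegExp: `https://github\.com/example-org/.+/\.github/workflows/release\.yml@refs/tags/v.+`,
		IssuerRegExp:  `https://token\.actions\.githubusercontent\.com`,
	}
	// Constructed identity of a signature produced by an unrelated repository.
	attacker := Identity{
		Subject: "https://github.com/attacker/repo/.github/workflows/build.yml@refs/heads/main",
		Issuer:  "https://token.actions.githubusercontent.com",
	}
	fmt.Println("vulnerable check accepts attacker:", matchVulnerable(policy, attacker))
	ok, err := matchFixed(policy, attacker)
	fmt.Println("fixed check accepts attacker:", ok, "error:", err)
}
```

Two points worth carrying into policy review: a regexp-only attestor is exactly the shape that silently degrades to "any signer" under the vulnerable matcher, so after upgrading, re-test such policies with a signature from an identity outside the pattern; and both matchers accept any identity when no constraint is set at all, which is a policy-lint finding independent of this bug.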
CVE-2021-22253
Improper authorization in GitLab EE, affecting all versions since 13.4, allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after that access had been removed...
CVE-2021-22253
Removed by vendor...