CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 19.3%
github.com/kyverno/kyverno is vulnerable to Insufficient Verification Of Data Authenticity. The vulnerability allows an attacker to control the digest of images used by Kyverno users. To exploit this issue, the attacker would need to compromise the registry from which Kyverno fetches its images. Once compromised, the attacker could provide a vulnerable image to the user and leverage it to further escalate their position or carry out additional attacks.