- Description: Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying an artifact's signature in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by an unexpected certificate. Deploying these unauthorized Kubernetes resources can lead to full compromise of the Kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 5.8
- Impact score: 4
- Exploitability score: 1.3
- Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
- Severity: MEDIUM
- Weakness (source: security-advisories@github.com): CWE-285
- Hype score: Not currently trending
- @VulmonFeeds, 25 Mar 2025: CVE-2025-29778 Kyverno Signature Verification Bypass Vulnerability in Versions Prior to 1.14.0-alpha.1 https://t.co/LpCOU5wGMw
- @_cvereports, 24 Mar 2025: CVE-2025-29778: Kyverno Ignores subjectRegExp and IssuerRegExp Leading to Improper Authorization https://t.co/yz3fHlg7kT
- @CVEnew, 24 Mar 2025: CVE-2025-29778 Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while… https://t.co/IEOIzid9cL