Home > Vulnerability Database > CVE-2023-33191

Mend.io Vulnerability Database

CVE-2023-33191

Good to know:

Date: May 30, 2023

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity "validate.podSecurity" subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.

Language: Go

Severity Score

4.6

Related Resources (6)

Url: https://github.com/kyverno/kyverno/pull/7263

Url: https://github.com/kyverno/kyverno/releases/tag/v1.9.4

Url: https://github.com/kyverno/kyverno/security/advisories/GHSA-33hq-f2mf-jm3c

Url: https://github.com/kyverno/kyverno

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33191

Url: https://www.mend.io/vulnerability-database/CVE-2023-33191

Severity Score

4.6

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version github.com/kyverno/kyverno - v1.9.4

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33191

Good to know:

Date: May 30, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?