icon

We found results for “

CVE-2025-29778

Good to know:

icon

Date: March 24, 2025

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

icon

Upgrade Version

Upgrade to version github.com/kyverno/kyverno - v1.14.0-alpha.1;https://github.com/kyverno/kyverno.git - v1.14.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us