CVE-2025-29778
Date: March 24, 2025
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores the subjectRegExp and issuerRegExp fields when verifying artifact signatures in keyless mode. This allows an attacker to deploy Kubernetes resources whose artifacts were signed by an unexpected certificate, i.e. one that does not match the identity the policy intended to allow. Deploying these unauthorized Kubernetes resources can lead to full compromise of the Kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.
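To make the failure mode concrete, the following is an added example (not Kyverno's code and not from this advisory): a simplified Python model of keyless attestor identity matching, with `enforce_regexp=False` standing in for the affected behaviour, plus an audit helper that walks a policy and reports keyless entries whose subject or issuer is constrained only by a regexp field. It assumes the keyless entry fields `subject`, `issuer`, `subjectRegExp` and `issuerRegExp` and the `verifyImages` → `attestors` → `entries` → `keyless` layout of a Kyverno ClusterPolicy; the sample policy, image reference and certificate identities are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified model of a Kyverno keyless attestor entry (not Kyverno's own code).
@dataclass
class KeylessAttestor:
    subject: Optional[str] = None         # exact match on the certificate identity (SAN)
    issuer: Optional[str] = None          # exact match on the OIDC issuer
    subjectRegExp: Optional[str] = None   # regexp on the certificate identity
    issuerRegExp: Optional[str] = None    # regexp on the OIDC issuer


@dataclass
class CertIdentity:
    subject: str   # identity (SAN) in the Fulcio-issued signing certificate
    issuer: str    # OIDC issuer recorded in the certificate extension


def identity_matches(cert: CertIdentity, att: KeylessAttestor, enforce_regexp: bool) -> bool:
    """Return True if the signing certificate satisfies the attestor's identity constraints.

    enforce_regexp=False models the pre-1.14.0-alpha.1 behaviour described in the CVE:
    subjectRegExp / issuerRegExp are silently ignored, so a certificate from an
    unexpected identity passes as long as no exact-match field rejects it.
    """
    if att.subject is not None and cert.subject != att.subject:
        return False
    if att.issuer is not None and cert.issuer != att.issuer:
        return False
    if enforce_regexp:
        # Unanchored search, like Go's regexp.MatchString; anchor patterns with ^...$
        # so that a substring match cannot widen the allowed identity.
        if att.subjectRegExp is not None and not re.search(att.subjectRegExp, cert.subject):
            return False
        if att.issuerRegExp is not None and not re.search(att.issuerRegExp, cert.issuer):
            return False
    return True


def find_regexp_only_keyless(policy: dict) -> list[str]:
    """Audit a policy (as a dict) and list keyless entries whose subject or issuer is
    constrained only by a regexp field; on affected versions that dimension is unchecked."""
    findings = []
    for rule in policy.get("spec", {}).get("rules", []):
        for vi, verify in enumerate(rule.get("verifyImages", [])):
            for ai, attestor in enumerate(verify.get("attestors", [])):
                for ei, entry in enumerate(attestor.get("entries", [])):
                    keyless = entry.get("keyless") or {}
                    if not keyless:
                        continue
                    weak = []
                    if keyless.get("subjectRegExp") and not keyless.get("subject"):
                        weak.append("subjectRegExp")
                    if keyless.get("issuerRegExp") and not keyless.get("issuer"):
                        weak.append("issuerRegExp")
                    if weak:
                        path = f"{rule.get('name')}/verifyImages[{vi}]/attestors[{ai}]/entries[{ei}]"
                        findings.append(f"{path}: {','.join(weak)}")
    return findings


# Constructed sample policy: a ClusterPolicy reduced to the fields the audit reads.
# "example-org" and the image reference are placeholders, not real identities.
SAMPLE_POLICY = {
    "apiVersion": "kyverno.io/v1",
    "kind": "ClusterPolicy",
    "metadata": {"name": "verify-images"},
    "spec": {"rules": [{
        "name": "check-keyless",
        "verifyImages": [{
            "imageReferences": ["ghcr.io/example-org/*"],
            "attestors": [{"entries": [
                # entry 0: exact-match fields, enforced on all versions
                {"keyless": {"subject": "https://github.com/example-org/app/.github/workflows/release.yaml@refs/heads/main",
                             "issuer": "https://token.actions.githubusercontent.com"}},
                # entry 1: regexp-only constraints, silently ignored before 1.14.0-alpha.1
                {"keyless": {"subjectRegExp": r"^https://github\.com/example-org/.+",
                             "issuerRegExp": r"^https://token\.actions\.githubusercontent\.com$"}},
            ]}],
        }],
    }]},
}


if __name__ == "__main__":
    regexp_only = KeylessAttestor(subjectRegExp=r"^https://github\.com/example-org/.+",
                                  issuerRegExp=r"^https://token\.actions\.githubusercontent\.com$")
    # Constructed certificate identity from an unrelated issuer and repository.
    unexpected = CertIdentity(subject="https://github.com/other-org/x/.github/workflows/build.yaml@refs/heads/main",
                              issuer="https://oidc.other.example")
    print("affected behaviour accepts unexpected cert:", identity_matches(unexpected, regexp_only, False))
    print("patched behaviour accepts unexpected cert: ", identity_matches(unexpected, regexp_only, True))
    print("policy entries relying only on regexp fields:", find_regexp_only_keyless(SAMPLE_POLICY))
```

Running the audit over your own policies (after loading the YAML into a dict) shows which keyless entries gave no effective identity guarantee on affected versions; the remediation is the upgrade, but entries that also carry exact `subject` and `issuer` values were constrained even before it.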
Weakness Type (CWE): CWE-285 Improper Authorization

Top Fix

Upgrade Version
Upgrade to version 1.14.0-alpha.1 of github.com/kyverno/kyverno; the fix is also included in v1.14.0 (https://github.com/kyverno/kyverno.git).
CVSS v3.1

| Metric | Value |
|---|---|
| Base Score | |
| Attack Vector (AV) | NETWORK |
| Attack Complexity (AC) | HIGH |
| Privileges Required (PR) | HIGH |
| User Interaction (UI) | NONE |
| Scope (S) | CHANGED |
| Confidentiality (C) | NONE |
| Integrity (I) | HIGH |
| Availability (A) | NONE |