CVE-2025-29778

Medium CVSS: 5.8

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Vendor

Kyverno

Product

Kyverno

CWE

CWE-285

Yayın Tarihi

2025-03-24 17:15:20

Güncelleme

2025-08-01 13:10:56

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-285 Kyverno MEDIUM Kyverno 2025

Referanslar

https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537 https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60 https://github.com/kyverno/kyverno/pull/12237 https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94 https://github.com/kyverno/policies/issues/1246

Benzer Kayıtlar

Critical

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.

Critical

CVE-2026-22039

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 hav…

High

CVE-2026-23881

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 hav…

High

CVE-2025-47281

Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial…