← Back

CVE-2025-46342

nvd nist
Published: Apr 30, 2025Modified: May 16, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Exploitability: 1.8 / Impact: 5.8
Source: NVD

Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.

Affected (2)

Products: Kyverno: Kyverno
Kyverno
1 product
Kyverno
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Kyverno
Kyverno
Up to 1.11.5
Kyverno
From 1.12.0 to 1.13.5

Related CWEs

CWE-1287
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.