漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kyverno's PolicyException objects can be created in any namespace by default
Vulnerability Description
Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
Kyverno 授权问题漏洞
Vulnerability Description
Kyverno是Kyverno开源的一个为 Kubernetes 设计的策略引擎。 Kyverno 1.13.0版本之前存在授权问题漏洞,该漏洞源于kyverno ClusterPolicy,可以通过在随机命名空间中创建 PolicyException 来覆盖。
CVSS Information
N/A
Vulnerability Type
N/A