漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements
Vulnerability Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
CWE-1287
Vulnerability Title
Kyverno 安全漏洞
Vulnerability Description
Kyverno是Kyverno开源的一个为 Kubernetes 设计的策略引擎。 Kyverno 1.14.0之前版本存在安全漏洞,该漏洞源于命名空间选择器错误处理不当,可能导致绕过安全策略。
CVSS Information
N/A
Vulnerability Type
N/A