CVE-2023-33191

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33191
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33191.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33191
Aliases
Related
Published
2023-05-30T07:15:09Z
Modified
2025-01-14T11:45:45.734176Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.

References

Affected packages

Git / github.com/kyverno/kyverno

Affected ranges

Type
GIT
Repo
https://github.com/kyverno/kyverno
Events

Affected versions

kyverno-chart-2.*

kyverno-chart-2.7.2
kyverno-chart-2.7.3

kyverno-policies-chart-2.*

kyverno-policies-chart-2.7.2
kyverno-policies-chart-2.7.3

v1.*

v1.9.2
v1.9.3