CVE-2025-46342

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-46342

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46342.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-46342

Aliases

Related

CGA-p78g-8w29-9chf

Published

2025-04-30T15:16:02Z

Modified

2025-05-17T14:25:38.468287Z

Summary

[none]

Details

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function GetNamespaceSelectorsFromNamespaceLister in pkg/utils/engine/labels.go. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.

References

Affected packages

Git / github.com/kyverno/kyverno

Affected ranges

Type: GIT
Repo: https://github.com/kyverno/kyverno
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3ff923b7756e1681daf73849954bd88516589194

Affected versions

1.*

1.3.0-rc10

1.6-dev

1.7-dev

1.8-dev

1.9-dev

helm-chart-v2.*

helm-chart-v2.0.3

helm-chart-v2.0.3-rc1

helm-chart-v2.0.3-rc2

helm-chart-v2.1.0

helm-chart-v2.1.3

Other

test-dev

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.0.0-rc1

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.2

v1.1.3

v1.1.3-rc1

v1.1.4

v1.1.4-rc1

v1.1.5

v1.1.6

v1.1.6-rc1

v1.1.6-rc2

v1.1.6-rc3

v1.1.6-rc4

v1.1.6-rc5

v1.1.7

v1.1.7-rc1

v1.1.7-rc2

v1.1.7-rc3

v1.1.7-rc4

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.3.0

v1.3.0-rc1

v1.3.0-rc10

v1.3.0-rc11

v1.3.0-rc12

v1.3.0-rc2

v1.3.0-rc3

v1.3.0-rc4

v1.3.0-rc5

v1.3.0-rc6

v1.3.0-rc7

v1.3.0-rc8

v1.3.0-rc9

v1.3.1

v1.3.2

v1.3.2-rc1

v1.3.2-rc2

v1.3.2-rc3

v1.3.3

v1.3.4

v1.3.4-rc1

v1.3.5

v1.3.5-rc1

v1.3.5-rc2

v1.3.5-rc3

v1.3.5-rc4

v1.3.5-rc5

v1.3.6

v1.3.6-rc1

v1.3.6-rc2

v1.3.6-rc3

v1.3.6-rc4

v1.3.6-rc5

v1.4.0

v1.4.0-rc1

v1.4.0-rc2

v1.4.0-rc3

v1.4.0-rc4

v1.4.1

v1.4.2

v1.4.2-rc1

v1.4.2-rc2

v1.4.2-rc3

v1.4.2-rc4

v1.4.3

v1.4.3-rc1

v1.4.3-rc2

v1.5.0-rc1