CVE-2022-47633
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
23/12/2022
Last modified:
15/04/2025
Description
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:kyverno:kyverno:1.8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:kyverno:kyverno:1.8.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/kyverno/kyverno/compare/v1.8.4...v1.8.5
- https://github.com/kyverno/kyverno/pull/5713
- https://github.com/kyverno/kyverno/releases/tag/v1.8.5
- https://github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm
- https://kyverno.io/docs/writing-policies/verify-images/
- https://github.com/kyverno/kyverno/compare/v1.8.4...v1.8.5
- https://github.com/kyverno/kyverno/pull/5713
- https://github.com/kyverno/kyverno/releases/tag/v1.8.5
- https://github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm
- https://kyverno.io/docs/writing-policies/verify-images/