CVE-2023-42814

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 13, 2023
Updated: Nov 21, 2023
CWE ID 835

Summary

CVE-2023-42814 is a denial-of-service vulnerability affecting Kyverno, a policy engine for Kubernetes. The issue lies in the Kyverno Notary verifier and can be exploited by an attacker who controls the registry from which Kyverno fetches attestations. The attacker can return a malicious response that causes a denial of service in Kyverno, blocking the processing of other users' admission requests. The vulnerability was introduced in Kyverno version 1.11.0, but users of official releases are not affected; only those building Kyverno from the main branch are at risk. There are currently no known instances of this vulnerability being exploited in the wild.
