CVE-2023-42814
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-42814 is a denial-of-service vulnerability affecting Kyverno, a policy engine for Kubernetes. The issue lies in the Kyverno Notary verifier and can be exploited by an attacker who controls the registry from which Kyverno fetches attestations. By returning a malicious response, the attacker can cause a denial of service in Kyverno that blocks the processing of other users' admission requests. This vulnerability was introduced in Kyverno version 1.11.0, but users of official releases are not affected. Only those building Kyverno from the main branch are at risk, and there are currently no known instances of this vulnerability being exploited in the wild.
Affected Vendors
- Nirmata