CVE-2023-42815

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 13, 2023
Updated: Nov 21, 2023
CWE ID 835

Summary

CVE-2023-42815 is a security vulnerability in Kyverno, a policy engine designed for Kubernetes. The vulnerability affects the Notary verifier in Kyverno and can be exploited by an attacker who has control over the registry from which Kyverno fetches signatures. By sending a malicious response to Kyverno during its request to the registry, the attacker can cause a denial of service, blocking other users' admission requests from being processed. This vulnerability only affects users who build Kyverno from source at the main branch, not those using official Kyverno releases. There have been no known cases of this vulnerability being exploited in the wild.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42815 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options