CVE-2023-47630

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 14, 2023
Updated: Dec 1, 2023
CWE ID 345

Summary

CVE-2023-47630 is a vulnerability affecting Kyverno, a policy engine designed for Kubernetes. The vulnerability allows an attacker to manipulate the image digests used by Kyverno users by compromising the registry from which the images are fetched. This could enable the attacker to deliver vulnerable images or craft malicious images with intentionally placed vulnerabilities to escalate their position within the system. However, this vulnerability does not impact users pulling images by digests from trusted registries. The issue has been patched in version 1.10.5, and all users are advised to upgrade to mitigate any potential risks. There is currently no evidence of this vulnerability being exploited in the wild.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-47630 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options