CVE-2023-33191

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
GitHub_MCNA
4.6 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
nirmatakyverno
1.9.2 ≤
𝑥
< 1.9.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/kyverno/kyverno/pull/7263
https://github.com/kyverno/kyverno/releases/tag/v1.9.4
https://github.com/kyverno/kyverno/security/advisories/GHSA-33hq-f2mf-jm3c
https://github.com/kyverno/kyverno/pull/7263
https://github.com/kyverno/kyverno/releases/tag/v1.9.4
https://github.com/kyverno/kyverno/security/advisories/GHSA-33hq-f2mf-jm3c