CVE-2022-47633
Summary
| CVE | CVE-2022-47633 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-23 23:15:00 UTC |
| Updated | 2023-01-04 19:57:00 UTC |
| Description | An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This has been fixed in 1.8.5, and mitigations are available for impacted releases. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v1.8.5 · kyverno/kyverno · GitHub | MISC | github.com | |
| Bypass of verifyImages rule possible with malicious proxy/registry · Advisory · kyverno/kyverno · GitHub | CONFIRM | github.com | |
| Require predicate type by JimBugwadia · Pull Request #5713 · kyverno/kyverno · GitHub | MISC | github.com | |
| Comparing v1.8.4...v1.8.5 · kyverno/kyverno · GitHub | MISC | github.com | |
| Verify Images · Kyverno | MISC | kyverno.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.