CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 58.7%
Affected: users of Kyverno versions 1.8.3 or 1.8.4 who use verifyImages rules to verify container image signatures and do not prevent the use of unknown registries.
Fix: this issue has been fixed in version 1.8.5.
Mitigation: configure a Kyverno policy that restricts images to a set of secure, trusted image registries (see the restrict_image_registries sample policy in the references below).
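One way to apply that mitigation, shown here as an added example rather than text from the advisory or the Kyverno project: a ClusterPolicy that rejects Pods whose containers reference any registry outside an allow-list, so an image from an unknown registry is never handed to a verifyImages rule. The registry names are placeholders.

```yaml
# Added example (not from the advisory or the Kyverno project).
# Rejects Pods whose containers pull from any registry other than the
# allow-listed ones. The registry names are placeholders; replace them
# with the registries you actually trust.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-image-registries
spec:
  validationFailureAction: enforce   # "audit" would only log violations
  background: true                   # also report existing Pods that violate the rule
  rules:
    - name: validate-registries
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Images must come from registry.example.internal or ghcr.io/example-org."
        pattern:
          spec:
            # Every entry in each container list must match one of the
            # '|'-separated wildcard prefixes. The =() anchor makes the
            # check apply only when the optional list is present.
            =(initContainers):
              - image: "registry.example.internal/* | ghcr.io/example-org/*"
            =(ephemeralContainers):
              - image: "registry.example.internal/* | ghcr.io/example-org/*"
            containers:
              - image: "registry.example.internal/* | ghcr.io/example-org/*"
```

Run it with validationFailureAction set to audit first to see which existing workloads would be rejected, then switch to enforce.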
References
github.com/kyverno/kyverno
github.com/kyverno/kyverno/compare/v1.8.4...v1.8.5
github.com/kyverno/kyverno/pull/5713
github.com/kyverno/kyverno/releases/tag/v1.8.5
github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm
kyverno.io/docs/writing-policies/verify-images
kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries
nvd.nist.gov/vuln/detail/CVE-2022-47633
pkg.go.dev/vuln/GO-2022-1180
web.archive.org/web/20230426095744/https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries