Kyverno · Kyverno · CVE-2023-33191
**Name of the Vulnerable Software and Affected Versions**
Kyverno versions 1.9.2 through 1.9.3
**Description**
Kyverno is a policy engine designed for Kubernetes. In the affected versions, the Kyverno seccomp control can be circumvented. Users of the `validate.podSecurity` subrule are affected. The problem occurs only when a `version` value of `latest` is used; policies that reference a specific version number instead are not affected.
**Recommendations**
For Kyverno versions 1.9.2 and 1.9.3, upgrade to version 1.9.4 to resolve the issue.
As a temporary workaround for versions 1.9.2 and 1.9.3, consider installing individual policies for the respective Seccomp checks in baseline and restricted modes.
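To see which policies fall under the condition in the description, the added example below (not part of the advisory or of Kyverno) lists `validate.podSecurity` subrules whose `version` is `latest` in exported policy JSON. The policy names in the sample are constructed, and treating an omitted `version` as `latest` is an assumption made here so that such rules are flagged for review.

```python
import json
import sys

# Constructed sample shaped like the output of
# `kubectl get clusterpolicies.kyverno.io,policies.kyverno.io -A -o json`.
# All policy and rule names are made up for illustration.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterPolicy", "metadata": {"name": "psa-latest"},
     "spec": {"rules": [{"name": "restricted", "validate": {
         "podSecurity": {"level": "restricted", "version": "latest"}}}]}},
    {"kind": "ClusterPolicy", "metadata": {"name": "psa-pinned"},
     "spec": {"rules": [{"name": "baseline", "validate": {
         "podSecurity": {"level": "baseline", "version": "v1.24"}}}]}},
    {"kind": "Policy", "metadata": {"name": "psa-default", "namespace": "team-a"},
     "spec": {"rules": [{"name": "baseline", "validate": {
         "podSecurity": {"level": "baseline"}}}]}},
    {"kind": "ClusterPolicy", "metadata": {"name": "require-labels"},
     "spec": {"rules": [{"name": "labels", "validate": {
         "pattern": {"metadata": {"labels": {"app": "?*"}}}}}]}},
]}


def affected_rules(doc):
    """Return (kind, namespace, policy, rule, level) for podSecurity subrules using 'latest'."""
    hits = []
    for pol in doc.get("items", [doc]):  # accept a List or a single policy object
        meta = pol.get("metadata", {})
        for rule in pol.get("spec", {}).get("rules") or []:
            ps = (rule.get("validate") or {}).get("podSecurity")
            if ps is None:
                continue  # not a podSecurity subrule, outside the advisory's scope
            # Assumption: an omitted version is treated as 'latest' and flagged.
            version = ps.get("version") or "latest"
            if version == "latest":
                hits.append((pol.get("kind"), meta.get("namespace", ""),
                             meta.get("name"), rule.get("name"), ps.get("level")))
    return hits


if __name__ == "__main__":
    # With a file argument, audit exported policies; otherwise use the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for kind, ns, name, rule, level in affected_rules(doc):
        scope = f"{ns}/" if ns else ""
        print(f"{kind} {scope}{name} rule={rule} level={level} version=latest")
```

A hit matters only on clusters running Kyverno 1.9.2 or 1.9.3; the script does not check the installed Kyverno version.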