Anbrsap

**Name of the Vulnerable Software and Affected Versions** Kyverno versions prior to 1.13.5 and 1.14.0 **Description** The issue concerns a policy engine where policy rules using namespace selectors in their match statements may not be applied correctly due to a missing error propagation in the `GetNamespaceSelectorsFromNamespaceLister` function. This could allow attackers with K8s API access to perform malicious operations by bypassing security-critical mutations and validations. **Recommendations** For versions prior to 1.13.5, update to version 1.13.5 or later. For versions prior to 1.14.0, update to version 1.14.0 or later. As a temporary workaround, consider restricting access to the K8s API to minimize the risk of exploitation.