Jeidsath

**Name of the Vulnerable Software and Affected Versions** Kyverno versions prior to 1.13.0 **Description** A kyverno ClusterPolicy can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace, which may allow users with privileges to non-kyverno namespaces to create exceptions. Administrators may not recognize this potential bypass. **Recommendations** For versions prior to 1.13.0, update to version 1.13.0 to fix the vulnerability. As a temporary workaround, consider restricting the creation of PolicyException objects to authorized namespaces until the update is applied. Restrict access to the `PolicyException` object to minimize the risk of exploitation. Avoid using the `PolicyException` object in non-kyverno namespaces until the issue is resolved.