PT-2022-28078 · Kyverno · Kyverno

Slashben · Published 2022-12-21 · Updated 2025-09-12 · CVE-2022-47633

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kyverno versions 1.8.3 through 1.8.4

Description

An image signature validation bypass issue allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This affects users of Kyverno who use verifyImages rules to verify container image signatures and do not prevent the use of unknown registries.

Recommendations

For Kyverno versions 1.8.3 and 1.8.4, update to version 1.8.5 to resolve the issue. As a temporary workaround, consider configuring a Kyverno policy to restrict registries to a set of secure trusted image registries.
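
The temporary workaround, sketched as an added example (not taken from this advisory or from the Kyverno project): a ClusterPolicy that rejects Pods whose images are not pulled from an allowlist of registries. The policy name, rule name and the registries `registry.example.com` and `mirror.example.org` are placeholders to replace with your own trusted registries.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-image-registries        # placeholder name
spec:
  # Reject non-matching Pods at admission instead of only reporting them.
  validationFailureAction: enforce
  background: true
  rules:
    - name: validate-registries          # placeholder name
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Images must come from a trusted registry."
        pattern:
          spec:
            # =( ) is a conditional anchor: the check applies only when
            # the field is present on the Pod.
            =(ephemeralContainers):
              - image: "registry.example.com/* | mirror.example.org/*"
            =(initContainers):
              - image: "registry.example.com/* | mirror.example.org/*"
            # Every regular container must match one of the allowed prefixes.
            containers:
              - image: "registry.example.com/* | mirror.example.org/*"
```

The pattern is matched against the image string as written in the Pod spec, so an image referenced without one of the listed registry prefixes is rejected as well.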

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BIT-KYVERNO-2022-47633
CVE-2022-47633
GHSA-M3CQ-XCX9-3GVM
GO-2022-1180

Affected Products

Kyverno