CVE-2023-33191

Name of the Vulnerable Software and Affected Versions Kyverno versions 1.9.2 through 1.9.3

Description Kyverno is a policy engine designed for Kubernetes. The issue concerns the Kyverno seccomp control, which can be circumvented. Users of the podSecurity validate.podSecurity subrule are affected. The problem arises when using a version value of latest, but there is no effect if a version number is referenced instead.

Recommendations For Kyverno versions 1.9.2 and 1.9.3, upgrade to version 1.9.4 to resolve the issue. As a temporary workaround for versions 1.9.2 and 1.9.3, consider installing individual policies for the respective Seccomp checks in baseline and restricted modes.