CVE-2023-42813

Name of the Vulnerable Software and Affected Versions Kyverno versions 1.11.0 and later built from the main branch

Description A security issue was found in Kyverno, a policy engine for Kubernetes, where an attacker could cause denial of service. The vulnerable component is Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno fetches attestations to return a malicious response, causing denial of service and blocking other users' admission requests. There are no known cases of this issue being exploited in the wild.

Recommendations For Kyverno versions 1.11.0 and later built from the main branch, consider avoiding the use of the Notary verifier until a fix is available. Users consuming official Kyverno releases are not affected and do not need to take any action. At the moment, there is no information about a newer version that contains a fix for this issue.