PT-2023-28601 · Kyverno · Kyverno

Adamkorcz · Published 2023-11-13 · Updated 2024-08-21 · CVE-2023-42814

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Kyverno versions 1.11.0 and later, built from the main branch

Description

A security issue was found in Kyverno, a policy engine for Kubernetes, where an attacker could cause a denial of service. The vulnerable component is Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno fetches attestations in order to return a malicious response; that response causes a denial of service and blocks other users' admission requests. There are no known cases of this issue being exploited in the wild.

Recommendations

For Kyverno versions 1.11.0 and later, built from the main branch, consider using official Kyverno releases, which are not affected by this issue. As a temporary workaround, consider restricting access to the Notary verifier component until a patch is available. Avoid building Kyverno from source on the main branch, as this is not encouraged. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2023-42814
GHSA-9G37-H7P2-2C6R
GO-2023-2336

Affected Products

Kyverno