Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-47633: Release v1.8.5 · kyverno/kyverno

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.

CVE
Open in Source
#vulnerability#git#kubernetes

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections
  • Pricing

Related news

Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes

A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE