OpenCVE

Vendors	Products
Nirmata	Kyverno

Link	Providers
https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2
https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b
https://github.com/kyverno/kyverno/pull/8428
https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42816", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-14T16:13:33.308Z", "datePublished": "2023-11-13T20:23:16.248Z", "dateUpdated": "2024-08-02T19:30:24.686Z"}, "containers": {"cna": {"title": "Denial of service from malicious signature in kyverno", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r"}, {"name": "https://github.com/kyverno/kyverno/pull/8428", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/pull/8428"}, {"name": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2"}, {"name": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b", "tags": ["x_refsource_MISC"], "url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b"}], "affected": [{"vendor": "kyverno", "product": "kyverno", "versions": [{"version": ">= 80d139bb5d1d9d7e907abe851b97dc73821a5be2, < fec2992e3f9fcd6b9c62267522c09b182e7df73b", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-14T18:54:09.977Z"}, "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild."}], "source": {"advisory": "GHSA-4mp4-46gq-hv3r", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.686Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r"}, {"name": "https://github.com/kyverno/kyverno/pull/8428", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kyverno/kyverno/pull/8428"}, {"name": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2"}, {"name": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nirmata:kyverno:1.11.0:-:*:*:*:go:*:*", "matchCriteriaId": "60D64C55-D7D4-4EAC-8A8F-2611CABBECDA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild."}, {"lang": "es", "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para Kubernetes. Se encontr\u00f3 una vulnerabilidad de seguridad en Kyverno donde un atacante podr\u00eda provocar la denegaci\u00f3n de servicio de Kyverno. La vulnerabilidad estaba en el verificador de Kyvernos Notary. Un atacante necesitar\u00eda controlar el registro del que Kyverno obtendr\u00eda firmas. Con tal posici\u00f3n, el atacante podr\u00eda devolver una respuesta maliciosa a Kyverno, cuando Kyverno enviar\u00eda una solicitud al registro. La respuesta maliciosa provocar\u00eda la denegaci\u00f3n de servicio de Kyverno, de modo que se bloquear\u00eda el procesamiento de las solicitudes de admisi\u00f3n de otros usuarios. Esta es una vulnerabilidad en un nuevo componente lanzado en la versi\u00f3n 1.11.0. Los \u00fanicos usuarios afectados por esto son aquellos que han estado compilando Kyverno desde la fuente en la sucursal principal, lo cual no es recomendable. Los usuarios que consumen versiones oficiales de Kyverno no se ven afectados. No se conocen casos de explotaci\u00f3n de esta vulnerabilidad en la naturaleza."}], "id": "CVE-2023-42816", "lastModified": "2024-11-21T08:23:16.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-13T21:15:08.127", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/pull/8428"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/80d139bb5d1d9d7e907abe851b97dc73821a5be2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/commit/fec2992e3f9fcd6b9c62267522c09b182e7df73b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/kyverno/kyverno/pull/8428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-4mp4-46gq-hv3r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object