VYPR
Moderate severity · NVD Advisory · Published Mar 24, 2025 · Updated Mar 24, 2025

Kyverno ignores subjectRegExp and IssuerRegExp

CVE-2025-29778

Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and issuerRegExp while verifying an artifact's signature in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by an unexpected certificate. Deploying these unauthorized Kubernetes resources can lead to full compromise of the Kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.
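As an added illustration (not from the advisory or the Kyverno project), a Kyverno ClusterPolicy of the kind this issue affects: a keyless attestor that constrains the signer identity only through subjectRegExp and issuerRegExp. On the affected versions these two fields are not evaluated, so the identity constraint contributes nothing until the upgrade to 1.14.0-alpha.1. The policy name, image reference and identity patterns are constructed values.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-keyless-regex   # constructed name
spec:
  validationFailureAction: Enforce
  webhookTimeoutSeconds: 30
  rules:
    - name: verify-signer-identity
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            - "registry.example.com/team/*"   # constructed image pattern
          attestors:
            - count: 1
              entries:
                - keyless:
                    # Regex constraints on the Fulcio certificate identity
                    # (constructed patterns). CVE-2025-29778: Kyverno
                    # >= 1.13.0, < 1.14.0-alpha.1 ignores both fields, so a
                    # keyless signature from any identity passes this rule.
                    subjectRegExp: "^https://github\\.com/example-org/.+/\\.github/workflows/.+$"
                    issuerRegExp: "^https://token\\.actions\\.githubusercontent\\.com$"
                    rekor:
                      url: https://rekor.sigstore.dev
```

A cluster running a fixed version evaluates the same policy with the regex checks in effect, so the file itself needs no change once Kyverno is upgraded. The advisory names only the two regex fields; it does not state whether the exact-match subject and issuer fields are affected.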

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/kyverno/kyverno (Go)
Affected versions: >= 1.13.0, < 1.14.0-alpha.1
Patched versions: 1.14.0-alpha.1
