Vulnerability Report: GO-2022-1180
- CVE-2022-47633, GHSA-m3cq-xcx9-3gvm
- Affects: github.com/kyverno/kyverno
- Published: Dec 27, 2022
- Modified: May 20, 2024
A malicious proxy/registry can bypass verifyImages rules.
For detailed information about this vulnerability, visit https://github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm.
Affected Packages
-
PathVersionsSymbols
-
from v1.8.3 before v1.8.5all symbols
Aliases
References
- https://github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm
- https://github.com/kyverno/kyverno/pull/5713
- https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries
- https://vuln.go.dev/ID/GO-2022-1180.json
Credits
- @slashben
Feedback
See anything missing or incorrect?
Suggest an edit to this report.