pkg:Go/github.com/kyverno/kyverno

30 CVEs in total: CRITICAL 2, HIGH 18, MEDIUM 6

All known vulnerabilities

  • CRITICAL 9.9 CVE-2026-22039 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
    from 0, < 1.15.3
  • CRITICAL 9.9 CVE-2026-22039 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
    from 0, < 1.15.3, >= 1.16.0-rc.1, < 1.16.3
  • HIGH 8.5 CVE-2026-4789 Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access
    >= 1.16.0, < 1.17.0
  • HIGH 8.5 CVE-2026-4789 Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access
    >= 1.16.0, <= 1.17.1
  • HIGH 8.5 CVE-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements in github.com/kyverno/kyverno
    from 0, < 1.13.5, >= 1.14.0-alpha.1, < 1.14.0
  • HIGH 8.5 CVE-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements in github.com/kyverno/kyverno
    from 0, < 1.13.5
  • HIGH 8.1 CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
    from 0, < 1.17.0
  • HIGH 8.1 CVE-2026-40868 kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token
    from 0, < 1.17.0
  • HIGH 8.1 CVE-2022-47633 kyverno verifyImages rule bypass possible with malicious proxy/registry
    >= 1.8.3, < 1.8.5
  • HIGH 8.1 CVE-2022-47633 kyverno verifyImages rule bypass possible with malicious proxy/registry
    >= 1.8.3, < 1.8.5
  • HIGH 7.7 CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic
    >= 1.13.0, < 1.16.4
  • HIGH 7.7 CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
    from 0, <= 1.17.1
  • HIGH 7.7 CVE-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine
    from 0, < 1.15.3
  • HIGH 7.7 CVE-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine
    from 0, < 1.15.3, >= 1.16.0-rc.1, < 1.16.3
  • HIGH 7.7 CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service in github.com/kyverno/kyverno
    from 0, < 1.14.2
  • HIGH 7.7 CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service in github.com/kyverno/kyverno
    from 0, < 1.14.2
  • HIGH 7.5 CVE-2024-48921 Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno
    from 0, < 1.13.0
  • HIGH 7.5 CVE-2024-48921 Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno
    from 0, < 1.13.0
  • HIGH 7.1 CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image
    from 0, < 1.10.5
  • HIGH 7.1 CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image
    from 0, < 1.10.5
  • MEDIUM 6.5 CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno
    from 0, < 1.10.0
  • MEDIUM 6.5 CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno
    from 0, < 1.10.0
  • MEDIUM 5.8 CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
    >= 1.13.0, < 1.14.0-alpha.1
  • MEDIUM 5.8 CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
    from 0, < 1.14.0-alpha.1
  • MEDIUM 4.6 CVE-2023-33191 kyverno seccomp control can be circumvented in github.com/kyverno/kyverno
    >= 1.9.2, < 1.9.4
  • MEDIUM 4.6 CVE-2023-33191 kyverno seccomp control can be circumvented in github.com/kyverno/kyverno
    >= 1.9.2, < 1.9.4
  • CVE-2023-42814 Denial of service from malicious image manifest in kyverno in github.com/kyverno/kyverno
    >= 1.5.0-rc1.0.20230601080528-80d139bb5d1d, < 1.5.0-rc1.0.20230918070231-fec2992e3f9f
  • CVE-2023-42813 Denial of service from malicious manifest in kyverno in github.com/kyverno/kyverno
    >= 1.5.0-rc1.0.20230601080528-80d139bb5d1d, < 1.5.0-rc1.0.20230918070231-fec2992e3f9f
  • CVE-2023-42815 Denial of service from malicious image manifest in kyverno in github.com/kyverno/kyverno
    >= 1.5.0-rc1.0.20230601080528-80d139bb5d1d, < 1.5.0-rc1.0.20230918070231-fec2992e3f9f
  • CVE-2023-42816 Denial of service from malicious signature in kyverno in github.com/kyverno/kyverno
    >= 1.5.0-rc1.0.20230601080528-80d139bb5d1d, < 1.5.0-rc1.0.20230918070231-fec2992e3f9f