Description

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.

INFO

Published Date :

2025-04-30T14:55:13.124Z

Last Modified :

2025-04-30T15:10:25.100Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46342 vulnerability.

Vendors Products
Kyverno
  • Kyverno
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46342.

URL Resource
https://github.com/kyverno/kyverno/commit/3ff923b7756e1681daf73849954bd88516589194 cve-icon cve-icon
https://github.com/kyverno/kyverno/security/advisories/GHSA-jrr2-x33p-6hvc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact