Description
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially amplify string data through context variables. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerability.
Vulnerable configurations
Configuration 1
Version before 1.15.3 (excluding)
Version from 1.16.0 (including) up to 1.16.3 (excluding)
One of
cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*
cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*
EPSS
Percentile: 14%
0.00046
Low
7.7 High
CVSS3
6.5 Medium
CVSS3
Weaknesses
CWE-770
Related vulnerabilities
CVSS3: 7.7
github
12 days ago
Kyverno Denial of Service via Context Variable Amplification in Policy Engine