CVE-2023-42816

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 13, 2023

Updated: Nov 21, 2023

CWE ID 345

Summary

CVE-2023-42816 is a newly discovered denial-of-service vulnerability in Kyverno, a Kubernetes policy engine. The issue lies in Kyverno's Notary verifier, allowing an attacker with control over the registry to return malicious responses, causing Kyverno to become unresponsive and blocking the processing of admission requests for other users. This vulnerability affects only those users who build Kyverno from the main branch, as official releases are untouched. No known exploits have been reported in the wild.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nirmata

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sr8Mzm
https://www.cve.org/CVERecord?id=CVE-2023-42816
https://nvd.nist.gov/vuln/detail/CVE-2023-42816

Back to Vulnerability Database

CVE-2023-42816

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations