GHSA-33hq-f2mf-jm3c, CVE-2023-33191
go/github.com/kyverno/kyverno
kyverno seccomp control can be circumvented
Users of the podSecurity (validate.podSecurity
) subrule in Kyverno 1.9. See the documentation for information on this subrule type. Users of Kyverno v1.9.2 and v1.9.3 are affected.
v1.9.4 v1.10.0
To work around this issue without upgrading to v1.9.4, temporarily install individual policies for the respective Seccomp checks in baseline here and restricted here.
All versions starting from 1.9.2 before 1.9.4
Upgrade to version 1.9.4 or above.
2023-05-26
source |