CVE-2022-47633
First published: Wed Dec 21 2022(Updated: )
### Impact Users of Kyverno on versions 1.8.3 or 1.8.4 who use `verifyImages` rules to verify container image signatures, and do not prevent use of unknown registries. ### Patches This issue has been fixed in version [1.8.5](https://github.com/kyverno/kyverno/releases/tag/v1.8.5) ### Workarounds Configure a Kyverno policy to restrict registries to a set of secure trusted image registries ([sample](https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries/)). ### References
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/kyverno/kyverno | >=1.8.3<1.8.5 | 1.8.5 |
| Kyverno Kyverno | =1.8.3 | |
| Kyverno Kyverno | =1.8.4 | |
| =1.8.3 | ||
| =1.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/kyverno/kyverno/security/advisories/GHSA-m3cq-xcx9-3gvm
- https://github.com/kyverno/kyverno/pull/5713
- https://github.com/kyverno/kyverno/releases/tag/v1.8.5
- https://nvd.nist.gov/vuln/detail/CVE-2022-47633
- https://github.com/kyverno/kyverno/compare/v1.8.4...v1.8.5
- https://kyverno.io/docs/writing-policies/verify-images/
- https://pkg.go.dev/vuln/GO-2022-1180
- https://web.archive.org/web/20230426095744/https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries/
- https://github.com/advisories/GHSA-m3cq-xcx9-3gvm (Advisory)
- https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries
Frequently Asked Questions
What is the vulnerability ID for this Kyverno security issue?
The vulnerability ID for this Kyverno security issue is CVE-2022-47633.
What is the impact of this vulnerability?
The impact of this vulnerability is that it allows a malicious image to bypass signature validation in Kyverno 1.8.3 and 1.8.4.
What versions of Kyverno are affected by this vulnerability?
Versions 1.8.3 and 1.8.4 of Kyverno are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, update to version 1.8.5 of Kyverno.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the Kyverno security advisories, pull request, and release notes.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-m3cq-xcx9-3gvm
- alias/CVE-2022-47633
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/description
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/trending
- vendor/kyverno
- canonical/kyverno kyverno
- version/kyverno kyverno/1.8.3
- version/kyverno kyverno/1.8.4
- package-manager/go