Product
medium
threat
Kyverno Vulnerability Allows Cross-Site Scripting
2 rules, 1 TTP
A remote, authenticated attacker can exploit a vulnerability in Kyverno to perform a cross-site scripting attack.
Kyverno
xss
web-application
medium
advisory
Kyverno Controller Denial of Service via forEach Mutation Panic
2 rules, 2 TTPs
An unchecked type assertion in Kyverno versions v1.13.0 to v1.17.1 allows a user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. A crafted malicious policy triggers a nil pointer dereference in the forEach mutation handler, leading to a denial of service.
Kyverno
denial-of-service
kubernetes
policy-engine