{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T06:59:58.828","vulnerabilities":[{"cve":{"id":"CVE-2025-46342","sourceIdentifier":"security-advisories@github.com","published":"2025-04-30T15:16:02.440","lastModified":"2025-05-16T16:42:35.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0."},{"lang":"es","value":"Kyverno es un motor de políticas diseñado para equipos de ingeniería de plataformas nativas de la nube. En versiones anteriores a la 1.13.5 y la 1.14.0, podía ocurrir que las reglas de políticas que usaban selectores de espacios de nombres en sus declaraciones de coincidencia no se aplicaran por error durante el procesamiento de solicitudes de revisión de admisión debido a la falta de propagación de errores en la función `GetNamespaceSelectorsFromNamespaceLister` en `pkg/utils/engine/labels.go`. Como consecuencia, se omiten las mutaciones y validaciones críticas para la seguridad, lo que podría permitir que atacantes con acceso a la API de K8 realicen operaciones maliciosas. Este problema se ha corregido en las versiones 1.13.5 y 1.14.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11.5","matchCriteriaId":"15691918-C220-4933-95D2-6BF2BFBBA7E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12.0","versionEndExcluding":"1.13.5","matchCriteriaId":"3C44B650-9836-486D-B929-58CD724E9792"}]}]}],"references":[{"url":"https://github.com/kyverno/kyverno/commit/3ff923b7756e1681daf73849954bd88516589194","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/kyverno/kyverno/security/advisories/GHSA-jrr2-x33p-6hvc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}