x/vulndb: potential Go vuln in github.com/kyverno/kyverno: GHSA-33hq-f2mf-jm3c

[GoVulnBot]

In GitHub Security Advisory GHSA-33hq-f2mf-jm3c, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/kyverno/kyverno	1.9.4	>= 1.9.2, < 1.9.4

Cross references:

• Module github.com/kyverno/kyverno appears in issue x/vulndb: potential Go vuln in github.com/kyverno/kyverno: GHSA-m3cq-xcx9-3gvm #1180

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/kyverno/kyverno
    versions:
      - introduced: 1.9.2
        fixed: 1.9.4
    packages:
      - package: github.com/kyverno/kyverno
summary: kyverno seccomp control can be circumvented
description: |
    ### Impact

    Users of the podSecurity (`validate.podSecurity`) subrule in Kyverno 1.9. See the [documentation](https://kyverno.io/docs/writing-policies/validate/#pod-security) for information on this subrule type. Users of Kyverno v1.9.2 and v1.9.3 are affected.

    ### Patches

    v1.9.4
    v1.10.0

    ### Workarounds

    To work around this issue without upgrading to v1.9.4, temporarily install individual policies for the respective Seccomp checks in baseline [here](https://kyverno.io/policies/pod-security/baseline/restrict-seccomp/restrict-seccomp/) and restricted [here](https://kyverno.io/policies/pod-security/restricted/restrict-seccomp-strict/restrict-seccomp-strict/).

    ### References

    * https://kyverno.io/docs/writing-policies/validate/#pod-security
    * https://github.com/kyverno/kyverno/pull/7263
cves:
  - CVE-2023-33191
ghsas:
  - GHSA-33hq-f2mf-jm3c
references:
  - advisory: https://github.com/kyverno/kyverno/security/advisories/GHSA-33hq-f2mf-jm3c
  - fix: https://github.com/kyverno/kyverno/pull/7263
  - web: https://github.com/kyverno/kyverno/releases/tag/v1.9.4
  - advisory: https://github.com/advisories/GHSA-33hq-f2mf-jm3c

[tatianab]

Duplicate of #1801