x/vulndb: potential Go vuln in github.com/kyverno/kyverno: CVE-2023-33191

[GoVulnBot]

CVE-2023-33191 references github.com/kyverno/kyverno, which may be a Go module.

Description:
Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-33191
• JSON: https://github.com/CVEProject/cvelist/tree/b608d54b8f1f5675f86115411b049b2469c2dae8/2023/33xxx/CVE-2023-33191.json
• advisory: GHSA-33hq-f2mf-jm3c
• fix: fix: PSa latest version check kyverno/kyverno#7263
• web: https://github.com/kyverno/kyverno/releases/tag/v1.9.4
• Imported by: https://pkg.go.dev/github.com/kyverno/kyverno?tab=importedby

Cross references:

• Module github.com/kyverno/kyverno appears in issue x/vulndb: potential Go vuln in github.com/kyverno/kyverno: GHSA-m3cq-xcx9-3gvm #1180

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/kyverno/kyverno
    packages:
      - package: kyverno
description: |
    Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.
cves:
  - CVE-2023-33191
references:
  - advisory: https://github.com/kyverno/kyverno/security/advisories/GHSA-33hq-f2mf-jm3c
  - fix: https://github.com/kyverno/kyverno/pull/7263
  - web: https://github.com/kyverno/kyverno/releases/tag/v1.9.4

[gopherbot]

Change https://go.dev/cl/500496 mentions this issue: data/excluded: batch add 9 excluded reports

[gopherbot]

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports

[gopherbot]

Change https://go.dev/cl/606786 mentions this issue: data/reports: unexclude 20 reports (6)