CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24376 – The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources
https://notcve.org/view.php?id=CVE-2025-24376
30 Jan 2025 — kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when defining the policy. There might be Kubernetes namespaced resources that should not be validated by AdmissionPolicy and by the AdmissionPolicyGroup policies because of their sensitive nature. For example, PolicyRepor... • https://github.com/kubewarden/kubewarden-controller/commit/8124039b5f0c955d0ee8c8ca12d4415282f02d2c • CWE-155: Improper Neutralization of Wildcards or Matching Symbols CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24784 – kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource
https://notcve.org/view.php?id=CVE-2025-24784
30 Jan 2025 — kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considered safe to allow non-admin users to create and manage these resources in the namespaces they own. Kubewarden policies can be allowed to query the Kubernetes API at evaluation time; these types of policies are called ... • https://github.com/kubewarden/kubewarden-controller/commit/51a88dfbb4c090ce0f76a22d98106518e0824d0b • CWE-285: Improper Authorization •