SCA: security update for github.com/kubewarden/kubewarden-controller (GHSA-fc89-jghx-8pvg)

medium Tenable Self-Hosted Container Security Plugin ID 420803

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden
admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced
resources. The resources to be evaluated are determined by the rules provided by the user when defining
the policy. Some Kubernetes namespaced resources should not be validated by AdmissionPolicy or
AdmissionPolicyGroup policies because of their sensitive nature. For example, PolicyReport objects are
namespaced resources that contain the list of non-compliant objects found inside a namespace. An
attacker can use either an AdmissionPolicy or an AdmissionPolicyGroup to prevent the creation and update
of PolicyReport objects to hide non-compliant resources. Moreover, the same attacker might use a mutating
AdmissionPolicy to alter the contents of the PolicyReport created inside the namespace. Starting from
the 1.21.0 release, the validation rules applied to AdmissionPolicy and AdmissionPolicyGroup have been
tightened to prevent them from validating sensitive types of namespaced resources. (CVE-2025-24376)
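
For clusters still running a controller older than 1.21.0, the sketch below audits existing namespaced policies for rules that can intercept PolicyReport objects. It is an added example, not code from Tenable or the Kubewarden project, and it does not reproduce the validation added in 1.21.0. It assumes PolicyReport is served as `policyreports` in the `wgpolicyk8s.io` API group and that the input is the `items` list of a `kubectl get ... -o json` dump; the sample objects are constructed.

```python
# Added example: flag AdmissionPolicy / AdmissionPolicyGroup rules that match PolicyReport.
REPORT_GROUP = "wgpolicyk8s.io"   # assumption: API group serving the PolicyReport CRD
REPORT_RESOURCE = "policyreports"
NAMESPACED_KINDS = {"AdmissionPolicy", "AdmissionPolicyGroup"}

def _matches(values, wanted):
    """Rule matching: '*' (or '*/*' for resources) selects everything."""
    return any(v in ("*", "*/*", wanted) for v in values or [])

def rule_targets_policyreport(rule):
    return (_matches(rule.get("apiGroups"), REPORT_GROUP)
            and _matches(rule.get("resources"), REPORT_RESOURCE))

def audit(policies):
    """Return one finding per namespaced policy that can intercept PolicyReport objects."""
    findings = []
    for obj in policies:
        if obj.get("kind") not in NAMESPACED_KINDS:
            continue  # cluster-wide policy kinds are outside this advisory
        spec = obj.get("spec", {})
        hits = [r for r in spec.get("rules", []) if rule_targets_policyreport(r)]
        if hits:
            findings.append({
                "namespace": obj["metadata"].get("namespace"),
                "name": obj["metadata"]["name"],
                "kind": obj["kind"],
                "operations": sorted({op for r in hits for op in r.get("operations", [])}),
                # A mutating policy could rewrite report contents, not only reject them.
                "impact": "alter" if spec.get("mutating") else "block",
            })
    return findings

def _policy(kind, ns, name, groups, resources, ops, mutating=False):
    """Build a constructed policy object shaped like kubectl JSON output."""
    return {"kind": kind, "metadata": {"namespace": ns, "name": name},
            "spec": {"mutating": mutating, "rules": [
                {"apiGroups": groups, "resources": resources, "operations": ops}]}}

SAMPLE = [  # constructed sample input
    _policy("AdmissionPolicy", "team-a", "pod-privileged", [""], ["pods"], ["CREATE"]),
    _policy("AdmissionPolicy", "team-a", "deny-reports", [REPORT_GROUP],
            [REPORT_RESOURCE], ["CREATE", "UPDATE"]),
    _policy("AdmissionPolicyGroup", "team-b", "catch-all", ["*"], ["*"], ["UPDATE"]),
    _policy("AdmissionPolicy", "team-b", "rewrite-all", ["*"], ["*"], ["CREATE"], True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Wildcard rules are reported as well as explicit ones, since a `*` rule reaches PolicyReport just as an explicit `policyreports` rule does.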

See Also

https://github.com/advisories/GHSA-fc89-jghx-8pvg

Plugin Details

Severity: Medium

ID: 420803

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 1/30/2025

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.1

Percentile: 7.46

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2025-24376

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 1/30/2025

Vulnerability Publication Date: 1/30/2025

Reference Information

CVE: CVE-2025-24376

CWE: CWE-155