Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEac…

Kyverno policy engine for cloud native platforms contains a vulnerability in versions prior to 1.17.2 and 1.16.4. An unchecked type assertion in the forEach mutation handler allows users with Policy or ClusterPolicy creation permissions to crash the cluster-wide background controller into a persistent CrashLoopBackOff state. The vulnerability also causes the admission controller to drop connections and block resource operations. The crash persists until the malicious policy is deleted. The issue is confined to the legacy engine, with CEL-based policies remaining unaffected.