Kyverno, Server-Side Request Forgery (SSRF), GHSA-qr4g-8hrp-c4rw (critical)

Listen to this Post

How the CVE works:

A Server-Side Request Forgery (SSRF) vulnerability in Kyverno allows authenticated users to induce the admission controller to send arbitrary HTTP requests to attacker-controlled endpoints. When a ClusterPolicy uses apiCall.service.url with variable substitution (e.g. {{request.object.}}), user-controlled input can influence the request target. The Kyverno admission controller executes these requests from its privileged network position without enforcing any validation or network restrictions. The issue becomes non-blind SSRF, as response data from internal services can be reflected back to the user via admission error messages. The vulnerability arises from missing protections: no URL validation, no IP filtering, unrestricted redirect handling, and response data reflection in admission errors. It is non-blind through two mechanisms: non-2xx responses return the body in admission errors, and 2xx responses with non-JSON content include response snippets in error output. A proof-of-concept involves creating a ClusterPolicy with a malicious apiCall.service.url and a Pod with a target annotation pointing to an internal service.

DailyCVE Form:

Platform: Kubernetes Kyverno
Version: 1.16.0 and later
Vulnerability : SSRF (Non-blind)
Severity: critical
date: 2026-04-14

Prediction: Unpatched (No fixed version)

What Undercode Say:

Bash commands and codes related to the blog

Check for vulnerable ClusterPolicies
kubectl get clusterpolicies -o yaml | grep -B 5 -A 10 "apiCall.service.url"
Attempt to exploit (requires a malicious ClusterPolicy)
kubectl apply -f malicious-pod.yaml

Snippet of a vulnerable ClusterPolicy:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: ssrf-vulnerable
spec:
rules:
- name: test-ssrf
match:
any:
- resources:
kinds:
- Pod
context:
- name: call
apiCall:
service:
url: "http://{{ request.object.metadata.annotations.target }}"

Exploit:

  1. Create a ClusterPolicy with an apiCall.service.url that uses variable substitution (e.g., http://{{ request.object.metadata.annotations.target }}).
  2. Create a Pod with a malicious annotation pointing to an internal service (e.g., 169.254.169.254/latest/meta-data/iam/security-credentials/).
  3. Apply the Pod. The admission controller will make an HTTP request to the internal service.
  4. The response from the internal service is reflected in the admission error message, allowing data exfiltration.

Protection from this CVE:

  • Avoid using user-controlled input in apiCall.service.url.
  • Implement a network policy to restrict egress from the Kyverno admission controller.
  • Monitor for suspicious apiCall patterns in ClusterPolicies.
  • Apply any future patches from the Kyverno project once available.

Impact:

  • Access to internal services (ClusterIP, localhost)
  • Access to cloud metadata endpoints (e.g., AWS IMDS) leading to credential exposure
  • Internal network reconnaissance
  • Multi-tenant boundary weakening
  • Potential for combining with other vulnerabilities to form a critical attack chain

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top