Lucene search

27 matches found

SUSE CVE
added 2026/03/25 12:28 a.m., 2 views

SUSE CVE-2026-24005

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

7.6 CVSS | 6 AI score | 0.00053 EPSS
Exploits: 1 | References: 3
OSV
added 2026/02/27 2:17 a.m., 1 view

GO-2026-4549 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field in github.com/openkruise/kruise

OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field in github.com/openkruise/kruise...

7.6 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2026/02/27 12:41 a.m., 3 views

CVE-2026-24005

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

7.6 CVSS | 5.7 AI score | 0.00053 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/25 7:43 p.m., 4 views

CVE-2026-24005

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

7.6 CVSS | 0.00053 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/25 6:53 p.m., 1 view

CVE-2026-24005

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

7.6 CVSS | 5.9 AI score | 0.00053 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/02/25 6:53 p.m., 2 views

CVE-2026-24005 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

6 AI score | 0.00053 EPSS
Exploits: 1 | References: 4
OSV
added 2026/02/25 6:30 p.m., 2 views

GHSA-9FJ4-3849-RV9G OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Summary: PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with...

6 AI score | 0.00053 EPSS
Exploits: 1 | References: 6
Github Security Blog
added 2026/02/25 6:30 p.m., 3 views

OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Summary: PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with...

7.6 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2026/02/25 12:0 a.m., 7 views

Kruise Code Issue Vulnerability

Kruise is an open-source application developed by OpenKruise. Versions of Kruise prior to 1.8.3 and 1.7.5 contained code vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the Host field in the PodProbeMarker’s webhook validation, which could allow attackers with...

7.6 CVSS | 7.4 AI score | 0.00053 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/25 12:0 a.m., 2 views

PT-2026-21979

Name of the Vulnerable Software and Affected Versions: Kruise versions prior to 1.8.3; Kruise versions prior to 1.7.5. Description: Kruise allows automated management of applications on Kubernetes. A flaw exists in the PodProbeMarker functionality where the webhook validation does not restrict the...

9.9 CVSS | 5.5 AI score | 0.07313 EPSS
Exploits: 68 | References: 138
RedhatCVE
added 2025/05/23 9:29 a.m., 4 views

CVE-2024-36532

Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token...

10 CVSS | 7 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:46 a.m., 2 views

CVE-2023-30617

Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entir...

6.5 CVSS | 7.1 AI score | 0.00122 EPSS
Exploits: 0 | References: 1
NVD
added 2024/06/21 10:15 p.m., 11 views

CVE-2024-36532

Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token...

10 CVSS | 0.00125 EPSS
Exploits: 0 | References: 1
CNNVD
added 2024/06/21 12:0 a.m., 2 views

Kruise Security Vulnerabilities

Kruise is an application from the Cloud Native Computing Foundation (CNCF). A security vulnerability exists in kruise version v1.6.2. An attacker exploited the vulnerability to access sensitive data and elevate privileges by obtaining a token for a service account...

10 CVSS | 6.7 AI score | 0.00125 EPSS
Exploits: 0 | References: 2
CVE
added 2024/06/21 12:0 a.m., 40 views

CVE-2024-36532

CVE-2024-36532 affects kruise v1.6.2. The issue is described as insecure permissions that allow an attacker to access sensitive data and escalate privileges by obtaining the service account token. This has been reported across multiple sources (NVD, Red Hat, CNNVD, CVE lists) with verification ag...

10 CVSS | 6.7 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/21 12:0 a.m., 11 views

CVE-2024-36532

Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token...

7 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/06/21 12:0 a.m., 16 views

CVE-2024-36532

Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token...

0.00125 EPSS
Exploits: 0 | References: 1
OSV
added 2024/01/05 4:1 p.m., 14 views

GHSA-437M-7HJ5-9MPW Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster

Impact: An attacker that has gained root privilege of the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, attackers can leverage the "captured" secrets, e.g. the kruise-manager service account token, to gain extra privilege such as p...

6.5 CVSS | 6.6 AI score | 0.00122 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2024/01/05 4:1 p.m., 20 views

Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster

Impact: An attacker that has gained root privilege of the node that kruise-daemon runs on can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, attackers can leverage the "captured" secrets, e.g. the kruise-manager service account token, to gain extra privilege such as p...

6.5 CVSS | 7.4 AI score | 0.00122 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2024/01/05 8:9 a.m., 16 views

Information Disclosure

Kruise-daemon is vulnerable to Information Disclosure. The vulnerability is due to improper access to root privileges on the node where the kruise-daemon runs. This issue can be exploited by an attacker with root privileges to where the kruise-daemon runs to list all the secrets in the entire...

6.5 CVSS | 7 AI score | 0.00122 EPSS
Exploits: 0 | References: 1 | Affected Software: 1