28 matches found
SUSE CVE-2026-24005
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...
GO-2026-4549 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field in github.com/openkruise/kruise
OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field in github.com/openkruise/kruise...
CVE-2026-24005
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...
CVE-2026-24005
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...
CVE-2026-24005 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...
CVE-2026-24005
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...
GHSA-9FJ4-3849-RV9G OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field
Summary PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with...
OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field
Summary PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with...
Kruise 代码问题漏洞
Kruise is an open-source application developed by OpenKruise. Versions of Kruise prior to 1.8.3 and 1.7.5 contained code vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the Host field in the PodProbeMarker’s webhook validation, which could allow attackers with...
PT-2026-21979
Name of the Vulnerable Software and Affected Versions Kruise versions prior to 1.8.3 Kruise versions prior to 1.7.5 Description Kruise allows automated management of applications on Kubernetes. A flaw exists in the PodProbeMarker functionality where the webhook validation does not restrict the...
CVE-2024-36532
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
CVE-2023-30617
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entir...
CVE-2024-36532
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
CVE-2024-36532
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
Kruise Security Vulnerabilities
Kruise is an application from the Cloud Native Computing Foundation CNCF. A security vulnerability exists in kruise version v1.6.2. An attacker exploited the vulnerability to access sensitive data and elevate privileges by obtaining a token for a service account...
CVE-2024-36532
CVE-2024-36532 affects kruise v1.6.2. The issue is described as insecure permissions that allow an attacker to access sensitive data and escalate privileges by obtaining the service account token. This has been reported across multiple sources (NVD, Red Hat, CNNVD, CVE lists) with verification ag...
CVE-2024-36532
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
The vulnerability of the kruise-daemon component in the Kubernetes Kruise automation application allows a malicious individual to gain unauthorized access to protected information and increase their privileges.
The vulnerability of the kruise-daemon component in the Kubernetes application automation tool involves deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information and increase their privileges...
GHSA-437M-7HJ5-9MPW Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Impact Attacker that has gain root privilege of the node that kruise-daemon run , can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, attackers can leverage the "captured" secrets e.g. the kruise-manager service account token to gain extra privilege such as p...
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Impact Attacker that has gain root privilege of the node that kruise-daemon run , can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, attackers can leverage the "captured" secrets e.g. the kruise-manager service account token to gain extra privilege such as p...