Kyverno ClusterPolicy and GlobalContextToken Exfiltration Vulnerability

Vulnerability

A vulnerability in Kyverno versions prior to 1.16.4 allows the Kyverno controller's service account token to be leaked unintentionally. The leak occurs in the service-call helper of the 'apiCall' context entry, which automatically adds an Authorization header carrying the controller's service account token whenever the policy does not specify one. Because the request URL is controlled by the policy, the token can be sent to an attacker-controlled endpoint, creating a 'confused deputy' scenario. The issue is limited to ClusterPolicy and global context usage, since namespaced policies are prevented from using service calls.

Impact

Exfiltration of the Kyverno controller service account token, which could be misused depending on the permissions assigned to that service account in the deployment.

Reproduction

The vulnerability can be reproduced by creating a ClusterPolicy or a GlobalContextEntry that uses 'context.apiCall.service.url' without specifying an Authorization header. The injected token can be verified by pointing the request at an in-cluster HTTP receiver that logs the Authorization header.

Remediation

Users can update to Kyverno version 1.16.4 or later, set an explicit Authorization header in policies that use service calls, or avoid service calls to arbitrary URLs in policies.
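A policy audit that flags the pattern described above, added here as an example and not Kyverno's own code: it walks ClusterPolicy rule-level contexts and GlobalContextEntry specs for 'apiCall.service' entries that carry no Authorization header. It assumes the service block has a 'url' and an optional 'headers' list of key/value items, and takes already-parsed policy documents (constructed inline) rather than YAML files.

```python
"""Flag Kyverno apiCall service calls that rely on the implicit Authorization header."""
from typing import Iterator


def _has_auth_header(service: dict) -> bool:
    # HTTP header names are case-insensitive, so compare lower-cased keys.
    return any(str(h.get("key", "")).lower() == "authorization"
               for h in service.get("headers") or [])


def _service_calls(doc: dict) -> Iterator[tuple[str, dict]]:
    """Yield (location, service) for every apiCall.service in one document."""
    kind, spec = doc.get("kind", ""), doc.get("spec") or {}
    if kind == "GlobalContextEntry":
        svc = (spec.get("apiCall") or {}).get("service")
        if svc:
            yield "spec.apiCall.service", svc
    elif kind == "ClusterPolicy":  # namespaced Policy cannot use service calls, so it is skipped
        for i, rule in enumerate(spec.get("rules") or []):
            for j, ctx in enumerate(rule.get("context") or []):
                svc = (ctx.get("apiCall") or {}).get("service")
                if svc:
                    yield f"spec.rules[{i}].context[{j}].apiCall.service", svc


def find_token_leaks(docs: list[dict]) -> list[str]:
    """Return 'name: location -> url' for each service call without an explicit header."""
    findings = []
    for doc in docs:
        name = (doc.get("metadata") or {}).get("name", "<unnamed>")
        for loc, svc in _service_calls(doc):
            if not _has_auth_header(svc):
                findings.append(f"{name}: {loc} -> {svc.get('url', '?')}")
    return findings


# Constructed sample documents: one unsafe rule, one with an explicit header,
# and a GlobalContextEntry that uses the API server path instead of a service call.
SAMPLE_DOCS = [
    {"kind": "ClusterPolicy", "metadata": {"name": "check-images"},
     "spec": {"rules": [{"name": "lookup", "context": [{"name": "r", "apiCall": {
         "method": "POST", "service": {"url": "https://hook.example.invalid/validate"}}}]}]}},
    {"kind": "ClusterPolicy", "metadata": {"name": "check-images-fixed"},
     "spec": {"rules": [{"name": "lookup", "context": [{"name": "r", "apiCall": {
         "method": "POST", "service": {"url": "https://verifier.kyverno.svc/validate",
                                       "headers": [{"key": "Authorization",
                                                    "value": "Bearer <token-from-secret>"}]}}}]}]}},
    {"kind": "GlobalContextEntry", "metadata": {"name": "deployments"},
     "spec": {"apiCall": {"urlPath": "/apis/apps/v1/deployments", "refreshInterval": "10s"}}},
]

if __name__ == "__main__":
    for line in find_token_leaks(SAMPLE_DOCS):
        print("no explicit Authorization header:", line)
```

Contexts nested inside foreach blocks are not visited; extend `_service_calls` if your policies use them.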

Added: Apr 21, 2026, 7:26 PM
Updated: Apr 21, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 5.8
remediation: 8.3
relevance: 6.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.