1. Kyverno Flaw Auto-Attaches Kubernetes ServiceAccount Tokens to External API Calls, Raising Exfiltration Risk
A vulnerability in Kyverno's apiCall service mode silently attaches admission controller ServiceAccount (SA) tokens to all outbound HTTP requests, creating a credential exposure pathway when requests reach external or attacker-controlled endpoints. The flaw operates as an insecure default behavior, meaning policy autho...
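To see where this exposure applies in a given cluster, the following added example (not Kyverno's code and not from the original page) walks exported policies and lists every apiCall in service mode whose destination is not an in-cluster Service. It assumes policies exported as a JSON list with the `context[].apiCall.service.url` layout, treats `.svc` and `.svc.cluster.local` hosts as internal, and uses constructed sample policies.

```python
import json
from urllib.parse import urlparse

# Assumption: hosts under these suffixes are in-cluster Services.
INTERNAL_SUFFIXES = (".svc", ".svc.cluster.local")

def find_service_calls(node, path):
    """Yield (path, url) for every apiCall that uses service mode."""
    if isinstance(node, dict):
        call = node.get("apiCall")
        if isinstance(call, dict) and isinstance(call.get("service"), dict):
            yield path, call["service"].get("url", "")
        for key, value in node.items():
            yield from find_service_calls(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_service_calls(value, f"{path}/{i}")

def classify(url):
    if "{{" in url:
        return "templated"  # destination depends on request data
    host = (urlparse(url).hostname or "").lower()
    return "internal" if host.endswith(INTERNAL_SUFFIXES) else "external"

def audit(policy_list):
    """Return (policy, path, url, verdict) for non-internal service calls."""
    findings = []
    for policy in policy_list.get("items", []):
        name = policy.get("metadata", {}).get("name", "?")
        for path, url in find_service_calls(policy.get("spec", {}), "spec"):
            verdict = classify(url)
            if verdict != "internal":
                findings.append((name, path, url, verdict))
    return findings

# Constructed sample policies (names and URLs are illustrative only).
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "check-internal"}, "spec": {"rules": [{"name": "r1", "context": [
   {"name": "authz", "apiCall": {"method": "POST", "service": {"url": "https://authz.kyverno.svc:8443/check"}}}]}]}},
 {"metadata": {"name": "notify-external"}, "spec": {"rules": [{"name": "r1", "context": [
   {"name": "hook", "apiCall": {"method": "POST", "service": {"url": "https://hooks.example.com/notify"}}}]}]}},
 {"metadata": {"name": "k8s-api-only"}, "spec": {"rules": [{"name": "r1", "context": [
   {"name": "ns", "apiCall": {"urlPath": "/api/v1/namespaces"}}]}]}},
 {"metadata": {"name": "callback-from-annotation"}, "spec": {"rules": [{"name": "r1", "validate": {"foreach": [
   {"list": "request.object.spec.containers", "context": [{"name": "cb", "apiCall": {"method": "POST",
     "service": {"url": "https://{{ request.object.metadata.annotations.callback }}/v1"}}}]}]}}]}}
]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Entries reported as `templated` deserve the closest review, because the destination that would receive the token is chosen by request data rather than fixed in the policy.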