1. Kyverno apiCall Service Mode Exposes Kubernetes ServiceAccount Tokens by Default in High-Severity Vulnerability
A high-severity vulnerability in Kyverno's policy engine allows ServiceAccount tokens to be automatically forwarded to external endpoints without policy authors' knowledge or consent. The flaw, tracked as GHSA-8wfp-579w-6r25, stems from an insecure-by-default behavior in Kyverno's apiCall service mode, where the admiss...