{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T06:10:35.224","vulnerabilities":[{"cve":{"id":"CVE-2026-24005","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T19:43:21.163","lastModified":"2026-03-05T00:42:25.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with PodProbeMarker creation permission can specify arbitrary Host values to trigger SSRF from the node, perform port scanning, and receive response feedback through NodePodProbe status messages. Versions 1.8.3 and 1.7.5 patch the issue."},{"lang":"es","value":"Kruise proporciona gestión automatizada de aplicaciones a gran escala en Kubernetes. Antes de las versiones 1.8.3 y 1.7.5, PodProbeMarker permite definir sondas personalizadas con manejadores TCPSocket o HTTPGet. La validación del webhook no restringe el campo Host en estas configuraciones de sonda. Dado que kruise-daemon se ejecuta con hostNetwork=true, ejecuta sondas desde el espacio de nombres de red del nodo. Un atacante con permiso de creación de PodProbeMarker puede especificar valores de Host arbitrarios para activar SSRF desde el nodo, realizar escaneo de puertos y recibir retroalimentación de la respuesta a través de mensajes de estado de NodePodProbe. Las versiones 1.8.3 y 1.7.5 parchean el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openkruise:kruise:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.5","matchCriteriaId":"D53D811F-DD4D-41A2-9B01-6627A7A3D657"},{"vulnerable":true,"criteria":"cpe:2.3:a:openkruise:kruise:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8.0","versionEndExcluding":"1.8.3","matchCriteriaId":"4A6B76A0-02C5-4E39-99B1-1C8BD3758257"}]}]}],"references":[{"url":"https://github.com/openkruise/kruise/commit/94364b76adf3e8a1749a31afe809a163bed29613","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openkruise/kruise/releases/tag/v1.7.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openkruise/kruise/releases/tag/v1.8.3","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openkruise/kruise/security/advisories/GHSA-9fj4-3849-rv9g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}