Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

kubernetes-sigs/agent-sandbox
main @ 6a5ce18
43
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Auth Bypass: 17 prior fixes. Scrutinize any change in this area.
extensions/controllers/sandboxclaim_controller.go: most-fixed (9 issues). Treat as high-risk during review.
26 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Auth Bypass: The controller previously adopted unowned resources or updated Pods/Services without verifying owner references or namespace boundaries, allowing malicious tenants to hijack sandbox resources.
Privilege Escalation: Lack of strict validation on user-supplied metadata allowed attackers to inject privileged system labels (e.g., app=sandbox-router) or leverage default ServiceAccount token mounts to escalate privileges in the cluster.
SSRF: The sandbox router and its Python/Go client connectors were vulnerable to SSRF by automatically following redirects or dialing unchecked loopback, local, or arbitrary gateway IP addresses.