Description
Summary
cAdvisor's custom metrics collector feature (collector/generic_collector.go:140-141) makes HTTP GET requests to URLs read from a JSON config file inside monitored containers, with no URL validation or private IP range blocking.
Vulnerable Code
Containers can specify a collector config path via the io.cadvisor.metric.* label prefix (collector/collector_manager.go:45-53). cAdvisor reads that file from the container's filesystem via /proc/<pid>/root/<path> (manager/container.go:252-271) and uses the endpoint.url field directly in collector.httpClient.Get(uri). The HTTP client is created with InsecureSkipVerify: true (cmd/cadvisor.go:224).
Attack Scenario
Any user who can create pods in a Kubernetes cluster where cAdvisor runs (standard developer access in multi-tenant clusters) can create a container whose label points to a crafted config file, causing cAdvisor to periodically make HTTP requests to arbitrary internal URLs — including the cloud metadata service at http://169.254.169.254/ — and store the response body as a metric value readable via the cAdvisor API.
Suggested Fix
Validate the endpoint.url from collector config files: reject private IP ranges, cloud metadata endpoints (169.254.169.254, metadata.google.internal), and loopback addresses before issuing HTTP requests.
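One way to implement the validation suggested above, written here as an added Go example rather than cAdvisor's own code: the names checkIP and ValidateCollectorURL are assumptions, and the hostname deny list contains only the names the report mentions plus localhost.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// checkIP rejects loopback, link-local (which covers 169.254.169.254), RFC 1918
// and ULA private, unspecified and multicast addresses. It is a separate
// function so the same check can also run in a Dialer at connect time.
func checkIP(ip net.IP) error {
	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsPrivate() || !ip.IsGlobalUnicast() {
		return fmt.Errorf("%s is loopback, link-local, private or otherwise non-routable", ip)
	}
	return nil
}

// ValidateCollectorURL checks an endpoint.url value from a collector config:
// http/https only, hostname not a known metadata or local name, and every
// address the host resolves to passes checkIP. A failed lookup is a rejection.
func ValidateCollectorURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	// Deny by name before DNS so a resolver answer cannot launder these hosts.
	if host == "metadata.google.internal" || host == "localhost" {
		return fmt.Errorf("host %q is on the deny list", host)
	}
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not a literal address: resolve and check every answer
		if ips, err = net.LookupIP(host); err != nil {
			return fmt.Errorf("resolving %q: %w", host, err)
		}
	}
	for _, ip := range ips {
		if err := checkIP(ip); err != nil {
			return err
		}
	}
	return nil
}
```

Checking only when the config is loaded leaves a gap if the hostname later resolves to a different address; running checkIP on the connected address inside the HTTP client's DialContext closes it.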