Lucene search
K

3 matches found

Snyk
Snyk
added 2026/06/10 7:22 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ValidatePodSpecSafety and ValidateContainerSafety processes. An attacker can gain elevated privileges and modify the system clock across tenant boundaries by adding CAPSYSTIME to the...

8.5CVSS5.8AI score0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 5:34 p.m.9 views

CVE-2026-50570 Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/21 8:17 p.m.13 views

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder