Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/10 5:28 p.m.23 views

CVE-2026-50565 Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

4.9CVSS0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:20 p.m.6 views

CVE-2026-46618 Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48510

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. In affected versions, builder pods are created with the...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the use of ServiceAccountName: fission-builder in the builder pod, without setting AutomountServiceAccountToken: fals...

4.9CVSS5.3AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 8:17 p.m.6 views

GHSA-7PJR-QPVH-M339 Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References5
Rows per page
Query Builder