Lucene search
K

37 matches found

Cvelist
Cvelist
added 2026/06/10 5:29 p.m.38 views

CVE-2026-50566 Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...

9.9CVSS0.0029EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 5:20 p.m.11 views

EUVD-2026-36093

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:20 p.m.20 views

CVE-2026-46618

CVE-2026-46618 affects Fission before v1.23.0: pkg/builder/builder.go passed Environment.spec.builder.command directly to exec.Command after strings.Fields, with no validation of the executable path or arguments. A user with Environment CRD privileges in a namespace could point the builder pod to...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 5:20 p.m.15 views

EUVD-2026-36092

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted...

8.7CVSS5.5AI score0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities stem from the Container Executor’s path, which allows tenants to directly provide Function.spec.podspec. The executor merges thi...

9.9CVSS5.3AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Fission 输入验证错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...

3.6CVSS5.3AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Fission 路径遍历漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a path traversal vulnerability. This vulnerability stemmed from the Unarchive function using filepath.Join to concatenate the archive entry name with the target directory,...

7.7CVSS5.3AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48508

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48503

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The buildermgr controller processes Package Custom Resource Definitions...

7.7CVSS6AI score0.00231EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48515

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.39 views

PT-2026-48511

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where a tenant with environments.fission.io create/update RBAC permissions can deploy containers with privileged access,...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 访问控制错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the Fission Function’s access webhook verifying that the spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS5.3AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained security vulnerabilities. These vulnerabilities stemmed from tenants with permissions to execute privileged/allowed-privileged/hazardous containers, under the account with hi...

9.9CVSS5.5AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a security vulnerability. This vulnerability stemmed from the lack of validation in the Environment.spec.runtime.podSpec/spec.builder.podSpec field. When using MergePodSpec,...

9.9CVSS5.3AI score0.003EPSS
Exploits0References1
Rows per page
Query Builder