Lucene search
K

3 matches found

CVE
CVE
added 2026/06/10 5:20 p.m.23 views

CVE-2026-46617

CVE-2026-46617 (Fission) affects Fission runtimes prior to v1.23.0. The runtime pod was created with ServiceAccountName: fission-fetcher, which had namespace-wide get permissions on secrets and configmaps. The automounted token was accessible inside user function containers at /var/run/secrets/ku...

8.7CVSS5.5AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:20 p.m.30 views

CVE-2026-46617 Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted...

8.7CVSS0.00276EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 8:16 p.m.8 views

GHSA-85G2-PMRX-R49Q Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Summary Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps it needs that to load function code, env vars, and config. The runtime pod's automounted token was reachable from...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References5
Rows per page
Query Builder