
4 matches found

NVD
added 2026/06/10 6:17 p.m., 11 views

CVE-2026-49824

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...

CVSS 8.5, EPSS 0.00223
Exploits: 0, References: 3

Cvelist
added 2026/06/10 5:29 p.m., 37 views

CVE-2026-50566 Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...

CVSS 9.9, EPSS 0.0029
Exploits: 0, References: 3

CNNVD
added 2026/06/10 12:0 a.m., 15 views

Fission Access Control Error Vulnerability

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained an access control vulnerability. This vulnerability stemmed from the Fission Function’s access webhook verifying that the spec.secrets.namespace and spec.configmaps.namespace...

CVSS 8.5, AI score 5.3, EPSS 0.00223
Exploits: 0, References: 1

Veracode
added 2026/05/23 5:28 a.m., 6 views

Improper Access Control

Fission is vulnerable to improper access control. The vulnerability is due to the router automatically registering internal function routes without validating associated HTTPTrigger restrictions, which allows an attacker to invoke arbitrary functions directly by guessing the function name and...

CVSS 9.8, AI score 6, EPSS 0.00353
Exploits: 0, References: 5, Affected Software: 1