
17 matches found

NVD
added 2026/06/10 6:17 p.m. | 11 views

CVE-2026-50545

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

CVSS 9.9 | EPSS 0.003
Exploits: 0 | References: 4
Cvelist
added 2026/06/10 5:27 p.m. | 26 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

CVSS 9.9 | EPSS 0.00274
Exploits: 0 | References: 3
Vulnrichment
added 2026/06/10 5:26 p.m. | 17 views

CVE-2026-50545 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

CVSS 9.9 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 4
CVE
added 2026/06/10 5:26 p.m. | 25 views

CVE-2026-50545

Fission (Kubernetes-native serverless) prior to version 1.24.0 allowed Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough without validation, and MergePodSpec could propagate dangerous fields into generated pods. This CVE—CVE-2026-50545—describes a PodSpec injection with potent...

CVSS 9.9 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 4
CNNVD
added 2026/06/10 12:0 a.m. | 14 views

Fission Security Vulnerability

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAP_SYS_TIME in the capability checks during PodSpec security validation. As a result, tenan...

CVSS 8.5 | AI score 5.5 | EPSS 0.00274
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/10 12:0 a.m. | 19 views

PT-2026-48507

Name of the Vulnerable Software and Affected Versions: Fission versions prior to 1.24.0. Description: An issue exists in the Kubernetes-native serverless framework where the Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough lacks validation. This allows the MergePodSpec function ...

CVSS 9.9 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 11
CNNVD
added 2026/06/10 12:0 a.m. | 18 views

Fission Security Vulnerability

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a security vulnerability. This vulnerability stemmed from the lack of validation in the Environment.spec.runtime.podSpec/spec.builder.podSpec field. When using MergePodSpec,...

CVSS 9.9 | AI score 5.3 | EPSS 0.003
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/04 12:0 a.m. | 12 views

PT-2026-37194

Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to 3.7.14; Argo Workflows versions prior to 4.0.5. Description: A user with create Workflow permission can bypass the templateReferencing: Strict and Secure restrictions. This occurs because the system only blocks th...

CVSS 8.1 | AI score 5.8 | EPSS 0.00424
Exploits: 2 | References: 15
SUSE CVE
added 2026/03/25 12:24 a.m. | 4 views

SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

CVSS 8.9 | AI score 5.9 | EPSS 0.00413
Exploits: 1 | References: 3
Snyk
added 2026/03/11 7:29 p.m. | 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the podSpecPatch when including a podSpecPatch field in their Workflow submission. An attacker can override security restrictions defined in approved templates by submitting a workflow that includes a crafted...

CVSS 8.9 | AI score 6 | EPSS 0.00413
Exploits: 1 | References: 2
OSV
added 2026/03/11 7:29 p.m. | 5 views

GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary: A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

CVSS 8.9 | AI score 5.8 | EPSS 0.00413
Exploits: 1 | References: 3
Github Security Blog
added 2026/03/11 7:29 p.m. | 11 views

Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary: A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

CVSS 9.9 | AI score 5.8 | EPSS 0.00413
Exploits: 1 | References: 3 | Affected Software: 3
NVD
added 2026/03/11 4:16 p.m. | 5 views

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

CVSS 9.9 | EPSS 0.00413
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/11 3:41 p.m. | 5 views

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

CVSS 8.9 | AI score 5.8 | EPSS 0.00413
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/03/11 3:41 p.m. | 17 views

CVE-2026-31892

CVE-2026-31892 affects Argo Workflows (open-source Kubernetes workflow engine). A user who can submit a Workflow can bypass security settings defined in a referenced WorkflowTemplate by submitting a podSpecPatch in the Workflow, taking precedence during spec merging and applying to the pod with n...

CVSS 9.9 | AI score 5.8 | EPSS 0.00413
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2026/03/11 12:0 a.m. | 7 views

Argo Workflows Security Vulnerability

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to bypass all security settings in the...

CVSS 8.9 | AI score 7.3 | EPSS 0.00413
Exploits: 1 | References: 2
Cvelist
added 2024/11/26 7:15 p.m. | 17 views

CVE-2024-8676 Cri-o: checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS 7.4 | EPSS 0.00773
Exploits: 0 | References: 8