6 matches found
CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...
CVE-2026-46612
Fission StorageSvc exposes archive CRUD endpoints (/v1/archive and /v1/archives) on the HTTP router without authentication prior to v1.23.0, allowing any caller within the same Kubernetes cluster to enumerate archive IDs, download archives from other tenants, upload arbitrary content, and delete ...
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
GHSA-CHF8-4HV6-8PG6 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
PT-2026-42617
Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
PT-2026-42684
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The storagesvc component registers archive CRUD handlers on its HTTP router without authentication or authorization. This allows any caller capable of reaching the storagesvc ClusterIP, such as othe...