Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 5:19 p.m.7 views

CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...

8.8CVSS5.5AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 5:19 p.m.17 views

CVE-2026-46612

Fission StorageSvc exposes archive CRUD endpoints (/v1/archive and /v1/archives) on the HTTP router without authentication prior to v1.23.0, allowing any caller within the same Kubernetes cluster to enumerate archive IDs, download archives from other tenants, upload arbitrary content, and delete ...

8.8CVSS5.5AI score0.00344EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/21 8:7 p.m.17 views

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...

8.8CVSS6AI score0.00344EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/21 8:7 p.m.14 views

GHSA-CHF8-4HV6-8PG6 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...

8.8CVSS6AI score0.00344EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42617

Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...

8.8CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42684

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The storagesvc component registers archive CRUD handlers on its HTTP router without authentication or authorization. This allows any caller capable of reaching the storagesvc ClusterIP, such as othe...

8.8CVSS5.6AI score0.00344EPSS
Exploits0References9
Rows per page
Query Builder