GHSA-GX55-F84R-V3R7

Vulnerability from github – Published: 2026-06-30 18:19 – Updated: 2026-06-30 18:19
VLAI
Summary
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Details

Summary

Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields.

Details

A namespace user with create/update on environments.fission.io could produce privileged, host-network, hostPID pods in the Fission function or builder namespace. Because the Helm chart created the fission-function and fission-builder namespaces with no pod-security.kubernetes.io/enforce labels, Kubernetes Pod Security Admission did not catch the escape either.

From a host-network privileged pod with hostPID, the attacker could nsenter into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node.

Impact

environments.fission.io create/update RBAC is escalated to node compromise — host filesystem and network access on the scheduling node, and from there potential cluster-wide takeover.

Fix

Fixed in #3391 and released in v1.24.0. Denylist at admission (the primary defence) plus belt-and-braces at the merge layer.

Admission denylist (pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety), called from Environment.Validate for both Runtime.PodSpec and Builder.PodSpec:

  • pod-level: HostNetwork, HostPID, HostIPC, ServiceAccountName / DeprecatedServiceAccount override, hostPath volumes;
  • per-container: SecurityContext.Privileged=true, SecurityContext.AllowPrivilegeEscalation=true, dangerous capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE).

Update-bypass closed: the Environment validating-webhook marker is extended from verbs=create to verbs=create;update (chart and envtest manifests aligned).

Merge-layer belt-and-braces (pkg/executor/util/merge.go): even if admission is bypassed (failurePolicy=Ignore or stale pre-webhook objects), the denylisted pod-level fields are stripped and per-container dangerous settings are sanitized before the merge (with SecurityContext deep-copied first so cached informer objects are not mutated). Legitimate operator hardening via the chart's pod-level securityContext (fsGroup, runAsNonRoot, runAsUser) still flows through.

Behavioural change

Environments that explicitly set any denylisted field are now rejected at admission. There is no legitimate Fission use case — these primitives exist for cluster operators, not Environment authors.

This is the same root cause and fix as GHSA-wmgg-3p4h-48x7.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.23.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/fission/fission"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50564"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:19:32Z",
    "nvd_published_at": "2026-06-10T18:17:12Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nFission\u0027s `Environment` CRD exposes `spec.runtime.podSpec` and `spec.builder.podSpec`, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated `hostNetwork`, `hostPID`, `hostIPC`, container\n `privileged`, and `serviceAccountName` from the user-supplied podspec with no filtering, and `Environment.Validate` performed no security-relevant checks on these fields.\n\n### Details\n\nA namespace user with `create`/`update` on `environments.fission.io` could produce privileged, host-network, hostPID pods in the Fission function or builder namespace. Because the Helm chart created the `fission-function` and\n`fission-builder` namespaces with no `pod-security.kubernetes.io/enforce` labels, Kubernetes Pod Security Admission did not catch the escape either.\n\nFrom a host-network privileged pod with hostPID, the attacker could `nsenter` into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node.\n\n### Impact\n\n`environments.fission.io` create/update RBAC is escalated to node compromise \u2014 host filesystem and network access on the scheduling node, and from there potential cluster-wide takeover.\n\n### Fix\n\nFixed in [#3391](https://github.com/fission/fission/pull/3391) and released in [v1.24.0](https://github.com/fission/fission/releases/tag/v1.24.0). Denylist at admission (the primary defence) plus belt-and-braces at the merge layer.\n\n**Admission denylist** (`pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety`), called from `Environment.Validate` for both `Runtime.PodSpec` and `Builder.PodSpec`:\n\n- pod-level: `HostNetwork`, `HostPID`, `HostIPC`, `ServiceAccountName` / `DeprecatedServiceAccount` override, hostPath volumes;\n- per-container: `SecurityContext.Privileged=true`, `SecurityContext.AllowPrivilegeEscalation=true`, dangerous capabilities (`SYS_ADMIN`, `NET_ADMIN`, `SYS_PTRACE`, `SYS_MODULE`, `DAC_READ_SEARCH`, `DAC_OVERRIDE`).\n\n**Update-bypass closed:** the `Environment` validating-webhook marker is extended from `verbs=create` to `verbs=create;update` (chart and envtest manifests aligned).\n\n**Merge-layer belt-and-braces** (`pkg/executor/util/merge.go`): even if admission is bypassed (`failurePolicy=Ignore` or stale pre-webhook objects), the denylisted pod-level fields are stripped and per-container dangerous settings are\nsanitized before the merge (with `SecurityContext` deep-copied first so cached informer objects are not mutated). Legitimate operator hardening via the chart\u0027s pod-level `securityContext` (fsGroup, runAsNonRoot, runAsUser) still flows\nthrough.\n\n### Behavioural change\n\nEnvironments that explicitly set any denylisted field are now rejected at admission. There is no legitimate Fission use case \u2014 these primitives exist for cluster operators, not Environment authors.\n\nThis is the same root cause and fix as GHSA-wmgg-3p4h-48x7.",
  "id": "GHSA-gx55-f84r-v3r7",
  "modified": "2026-06-30T18:19:32Z",
  "published": "2026-06-30T18:19:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50564"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/pull/3391"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/commit/e484df8460bb4e8026e24210120602aa7f181f64"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fission/fission"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/releases/tag/v1.24.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…