GHSA-GC3J-79F2-7VVW

Vulnerability from github – Published: 2026-06-30 18:16 – Updated: 2026-06-30 18:16
Summary
Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
Details

Summary

A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace.

Details

Two independent flaws compounded:

  1. pkg/kubewatcher/kubewatcher.go::createKubernetesWatch used w.Spec.Namespace (user-controlled) directly as the Watch target without checking it against w.Namespace (the KWT's own namespace). kubewatcher established the Watch using its cluster-scoped service account and serialized every Pod/Service/Job change event as full JSON over HTTP POST to the attacker's function.
  2. The validating webhook (pkg/webhook/kuberneteswatchtrigger.go) registered verbs=create only, so update/patch requests bypassed validation entirely.

A separate leak: an empty spec.namespace resolved to all namespaces via the controller's default, letting an attacker omit the field to surveil the entire cluster.

Impact

A tenant with kuberneteswatchtriggers.fission.io/create could continuously receive full event payloads for Pods, Services, and Jobs in any namespace — a persistent cross-tenant surveillance channel requiring no additional privileges.

Fix

Fixed in #3379 and released in v1.24.0.

  • The validating webhook marker is extended to verbs=create;update.
  • Validate rejects KubernetesWatchTrigger.spec.namespace != metadata.namespace.
  • A controller guard in createKubernetesWatch rejects cross-namespace targets that bypass admission and coerces an empty Spec.Namespace to the trigger's own namespace.

Behavioural change

KubernetesWatchTriggers with an unset spec.namespace now watch only their own namespace instead of all namespaces. Anyone relying on the previous all-namespaces behaviour must create a separate KWT per namespace.
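The following Go program is an added illustration of the two-layer fix described above; it is not Fission's own code. It uses a hypothetical, trimmed-down KubernetesWatchTrigger type (only metadata.namespace, spec.namespace and two spec fields), a hypothetical ValidateKWT standing in for the webhook's Validate, and a hypothetical ResolveWatchNamespace standing in for the guard in createKubernetesWatch. legacyWatchNamespace reproduces the pre-fix resolution the advisory describes (spec.namespace trusted as-is, empty meaning all namespaces) so the three sample triggers show which layer stops each case.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, trimmed-down stand-in for the KubernetesWatchTrigger object:
// only the fields the checks need. Not Fission's own type.
type KWTSpec struct {
	Namespace   string // spec.namespace: the namespace the Watch would target
	Type        string // Pod, Service, Job, ...
	FunctionRef string // function that receives the serialized events
}

type KubernetesWatchTrigger struct {
	Name      string
	Namespace string // metadata.namespace: where the tenant created the object
	Spec      KWTSpec
}

// ErrCrossNamespace is the single rejection reason both layers report.
var ErrCrossNamespace = errors.New("spec.namespace must equal metadata.namespace")

// legacyWatchNamespace reproduces the pre-fix resolution described in the
// advisory: spec.namespace is trusted as-is, and an empty value is passed
// through, which the controller's default then treated as all namespaces.
func legacyWatchNamespace(kwt KubernetesWatchTrigger) string {
	return kwt.Spec.Namespace
}

// ValidateKWT is the admission-time check. It must be wired for both CREATE
// and UPDATE; the original webhook registered create only, so an update or
// patch could change spec.namespace after creation without being validated.
// Any other operation fails closed. An empty spec.namespace is tolerated here
// because the controller coerces it to the trigger's own namespace.
func ValidateKWT(operation string, kwt KubernetesWatchTrigger) error {
	switch operation {
	case "CREATE", "UPDATE":
	default:
		return fmt.Errorf("kwt %s/%s: admission not configured for %q", kwt.Namespace, kwt.Name, operation)
	}
	if kwt.Spec.Namespace != "" && kwt.Spec.Namespace != kwt.Namespace {
		return fmt.Errorf("kwt %s/%s: %w (spec=%q)", kwt.Namespace, kwt.Name, ErrCrossNamespace, kwt.Spec.Namespace)
	}
	return nil
}

// ResolveWatchNamespace is the controller-side guard, evaluated right before
// the Watch would be opened with the controller's cluster-scoped credentials.
// It does not assume admission ran: an object that reached the controller
// without passing the webhook still cannot widen its scope.
// Empty -> own namespace; mismatch -> error and no Watch.
func ResolveWatchNamespace(kwt KubernetesWatchTrigger) (string, error) {
	if kwt.Spec.Namespace == "" {
		return kwt.Namespace, nil
	}
	if kwt.Spec.Namespace != kwt.Namespace {
		return "", fmt.Errorf("kwt %s/%s: refusing to watch %q: %w", kwt.Namespace, kwt.Name, kwt.Spec.Namespace, ErrCrossNamespace)
	}
	return kwt.Spec.Namespace, nil
}

func main() {
	// Constructed sample objects, all created by a tenant in namespace "team-a".
	own := KubernetesWatchTrigger{Name: "pods", Namespace: "team-a", Spec: KWTSpec{Namespace: "team-a", Type: "Pod", FunctionRef: "handler"}}
	unset := own
	unset.Spec.Namespace = ""
	cross := own
	cross.Spec.Namespace = "team-b"

	for _, kwt := range []KubernetesWatchTrigger{own, unset, cross} {
		fmt.Printf("spec.namespace=%-9q legacy target=%-9q ", kwt.Spec.Namespace, legacyWatchNamespace(kwt))
		if err := ValidateKWT("UPDATE", kwt); err != nil {
			fmt.Println("admission:", err)
			continue
		}
		target, err := ResolveWatchNamespace(kwt)
		if err != nil {
			fmt.Println("controller:", err)
			continue
		}
		fmt.Println("watch opened on", target)
	}
}
```

Running it shows the "own" trigger opening a Watch on team-a, the "unset" trigger being coerced to team-a instead of the legacy empty target, and the "cross" trigger rejected at admission on UPDATE (where the old webhook would not have run at all); calling ResolveWatchNamespace on the cross-namespace object directly shows the controller rejecting it even without admission.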


{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.23.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/fission/fission"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-49822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:16:03Z",
    "nvd_published_at": "2026-06-10T18:17:10Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nA low-privilege developer who could create a `KubernetesWatchTrigger` (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace.\n\n### Details\n\nTwo independent flaws compounded:\n\n1. `pkg/kubewatcher/kubewatcher.go::createKubernetesWatch` used `w.Spec.Namespace` (user-controlled) directly as the Watch target without checking it against `w.Namespace` (the KWT\u0027s own namespace). `kubewatcher` established the Watch\nusing its cluster-scoped service account and serialized every Pod/Service/Job change event as full JSON over HTTP POST to the attacker\u0027s function.\n2. The validating webhook (`pkg/webhook/kuberneteswatchtrigger.go`) registered `verbs=create` only, so `update`/`patch` requests bypassed validation entirely.\n\nA separate leak: an empty `spec.namespace` resolved to **all namespaces** via the controller\u0027s default, letting an attacker omit the field to surveil the entire cluster.\n\n### Impact\n\nA tenant with `kuberneteswatchtriggers.fission.io/create` could continuously receive full event payloads for Pods, Services, and Jobs in any namespace \u2014 a persistent cross-tenant surveillance channel requiring no additional privileges.\n\n### Fix\n\nFixed in [#3379](https://github.com/fission/fission/pull/3379) and released in [v1.24.0](https://github.com/fission/fission/releases/tag/v1.24.0).\n\n- The validating webhook marker is extended to `verbs=create;update`.\n- `Validate` rejects `KubernetesWatchTrigger.spec.namespace != metadata.namespace`.\n- A controller guard in `createKubernetesWatch` rejects cross-namespace targets that bypass admission and coerces an empty `Spec.Namespace` to the trigger\u0027s own namespace.\n\n### Behavioural change\n\nKubernetesWatchTriggers with an unset `spec.namespace` now watch only their own namespace instead of all namespaces. Anyone relying on the previous all-namespaces behaviour must create a separate KWT per namespace.",
  "id": "GHSA-gc3j-79f2-7vvw",
  "modified": "2026-06-30T18:16:03Z",
  "published": "2026-06-30T18:16:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/security/advisories/GHSA-gc3j-79f2-7vvw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49822"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/pull/3379"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/commit/e2b92663499f4dc3a1e2d38178f39c3c65e0134a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fission/fission"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/releases/tag/v1.24.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance"
}

