{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fission/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["fission/fission (\u003c= 1.22.0)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","kubernetes","faas"],"_cs_type":"advisory","_cs_vendors":["Fission"],"content_html":"\u003cp\u003eFission is a function-as-a-service (FaaS) framework for Kubernetes. Prior to version 1.23.0, Fission runtime pods were configured with the \u003ccode\u003efission-fetcher\u003c/code\u003e service account, which had broad permissions to read secrets and configmaps within its namespace. This was necessary for the fetcher sidecar to retrieve function code, environment variables, and configuration data. However, the service account token was automatically mounted into the user\u0026rsquo;s function container at \u003ccode\u003e/var/run/secrets/kubernetes.io/serviceaccount/token\u003c/code\u003e. This exposed the token to user-supplied function code, granting it unintended Kubernetes API privileges and the ability to read any secret or configmap in the function\u0026rsquo;s namespace, bypassing the intended security controls defined by \u003ccode\u003eFunction.spec.secrets\u003c/code\u003e. 
This vulnerability allows malicious function code to escalate privileges and access sensitive data within the Kubernetes namespace.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains the ability to deploy or update a Fission \u003ccode\u003eFunction\u003c/code\u003e or \u003ccode\u003ePackage\u003c/code\u003e resource in a Kubernetes namespace.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious function that reads the service account token file located at \u003ccode\u003e/var/run/secrets/kubernetes.io/serviceaccount/token\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe function uses the token to authenticate against the Kubernetes API server.\u003c/li\u003e\n\u003cli\u003eThe function queries the Kubernetes API to list and read all secrets within the namespace.\u003c/li\u003e\n\u003cli\u003eThe function retrieves sensitive data from the secrets, such as TLS keys, OIDC client secrets, database credentials, or cloud provider credentials.\u003c/li\u003e\n\u003cli\u003eThe function queries the Kubernetes API to list and read all configmaps within the namespace.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to pivot to other Kubernetes resources or external systems.\u003c/li\u003e\n\u003cli\u003eThe attacker compromises other systems or resources using the obtained credentials.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to read every secret and configmap within a Kubernetes namespace where Fission runtime pods are scheduled. This could include sensitive information such as database credentials, API keys, and TLS certificates. By gaining access to these secrets, an attacker could potentially compromise other applications and services running within the cluster, or even gain unauthorized access to external systems. 
The vulnerability violates the principle that \u003ccode\u003eFunction.spec.secrets\u003c/code\u003e should be the sole declaration of secrets accessible to a function.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Fission version 1.23.0 or later, where the user function container has \u003ccode\u003eAutomountServiceAccountToken\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e at the container level to prevent the token leak, as described in \u003ca href=\"https://github.com/fission/fission/pull/3366\"\u003ePR #3366\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUntil an upgrade is possible, restrict who can create or update \u003ccode\u003eFunction\u003c/code\u003e and \u003ccode\u003ePackage\u003c/code\u003e CRDs in your cluster, treating function code deployment as equivalent to namespace-wide secret read.\u003c/li\u003e\n\u003cli\u003eReduce the scope of the \u003ccode\u003efission-fetcher\u003c/code\u003e ClusterRole/Role where possible, limiting access to specific named secrets via separate Role bindings.\u003c/li\u003e\n\u003cli\u003eImplement NetworkPolicy egress rules to deny function pods access to the Kubernetes API server, mitigating the impact of a token leak.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T20:18:20Z","date_published":"2026-05-21T20:18:20Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fission-sa-token-leak/","summary":"Fission runtime pods were created with the `fission-fetcher` service account, granting namespace-wide `get` access to secrets and configmaps; the runtime pod's automounted token was reachable from inside the user's function container, allowing user-supplied function code to inherit the same Kubernetes API privileges and read any secret or configmap in the function's namespace, far beyond the intended `Function.spec.secrets` allowlist.","title":"Fission Function Pods Leak Service Account Token, Enabling 
Namespace-Wide Secret Access","url":"https://feed.craftedsignal.io/briefs/2026-05-fission-sa-token-leak/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["fission"],"_cs_severities":["critical"],"_cs_tags":["fission","function-invocation","bypass","kubernetes"],"_cs_type":"advisory","_cs_vendors":["Fission"],"content_html":"\u003cp\u003eFission is a Kubernetes-native serverless framework. Versions up to 1.22.0 are vulnerable to a function invocation bypass. The Fission router registered an internal-style route (\u003ccode\u003e/fission-function/\u0026lt;ns\u0026gt;/\u0026lt;name\u0026gt;\u003c/code\u003e) for every Function object, irrespective of any existing HTTPTrigger. This route was exposed on the public listener (svc/router, port 8888). An attacker capable of reaching the router could invoke any function by guessing its \u003ccode\u003emetadata.name\u003c/code\u003e and namespace, thereby circumventing the constraints specified in HTTPTrigger objects, such as host, path, and allowed methods. 
This vulnerability was patched in version v1.23.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Fission deployment with a publicly accessible router (svc/router, port 8888).\u003c/li\u003e\n\u003cli\u003eAttacker enumerates or guesses the \u003ccode\u003emetadata.name\u003c/code\u003e and namespace of Fission functions.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an HTTP GET request to \u003ccode\u003e/fission-function/\u0026lt;ns\u0026gt;/\u0026lt;name\u0026gt;\u003c/code\u003e on the public router endpoint.\u003c/li\u003e\n\u003cli\u003eThe Fission router, lacking proper access control, forwards the request to the specified function.\u003c/li\u003e\n\u003cli\u003eThe function executes, potentially performing unintended actions or leaking sensitive information.\u003c/li\u003e\n\u003cli\u003eIn multi-tenant environments, an attacker in one tenant\u0026rsquo;s pod can invoke functions in another tenant\u0026rsquo;s namespace, crossing tenant boundaries.\u003c/li\u003e\n\u003cli\u003eAttacker bypasses HTTPTrigger-level restrictions (e.g., a function published only on POST /api/v2/foo can be invoked as GET /fission-function/\u0026lt;ns\u0026gt;/\u0026lt;name\u0026gt;).\u003c/li\u003e\n\u003cli\u003eThe attacker probes response semantics (404 vs 200 vs 502) to enumerate existing function names.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows external callers to invoke functions that were not intended for public access, such as internal helpers or sample functions. It also bypasses HTTPTrigger restrictions, enabling invocation of functions with arbitrary headers and bodies. In multi-tenant deployments, this vulnerability can cross tenant boundaries, potentially leading to unauthorized access to sensitive data or resources. 
Function names can also be enumerated by probing the response semantics, providing attackers with valuable information for further attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Fission v1.23.0 or later to incorporate the fix implemented in PR #3369, which separates public and internal listeners.\u003c/li\u003e\n\u003cli\u003eApply a NetworkPolicy to the Fission namespace to restrict ingress to \u003ccode\u003esvc/router\u003c/code\u003e (port 8888) only from authorized sources and block access to \u003ccode\u003e/fission-function/...\u003c/code\u003e as suggested in the mitigation steps.\u003c/li\u003e\n\u003cli\u003eIf an ingress controller is used, implement path-based filtering at the ingress layer to block access to \u003ccode\u003e/fission-function/\u003c/code\u003e until the upgrade is complete.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Fission Function Invocation Bypass\u003c/code\u003e to identify attempts to exploit this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T20:15:31Z","date_published":"2026-05-21T20:15:31Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fission-function-bypass/","summary":"The Fission router exposes the `/fission-function/\u003cns\u003e/\u003cname\u003e` endpoint on its public listener, allowing invocation of any function without an HTTPTrigger, leading to unauthorized function access and potential cross-tenant exploitation; patched in v1.23.0.","title":"Fission Function Invocation Bypass via Public Router Endpoint","url":"https://feed.craftedsignal.io/briefs/2026-05-fission-function-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Fission (\u003c= 
1.22.0)","fission/fission"],"_cs_severities":["high"],"_cs_tags":["kubernetes","serverless","authentication-bypass","code-execution"],"_cs_type":"threat","_cs_vendors":["Fission"],"content_html":"\u003cp\u003eFission is a serverless framework for Kubernetes. A critical vulnerability exists within the \u003ccode\u003estoragesvc\u003c/code\u003e component of Fission versions 1.22.0 and earlier. The \u003ccode\u003estoragesvc\u003c/code\u003e registers archive CRUD handlers (\u003ccode\u003e/v1/archive\u003c/code\u003e GET / POST / DELETE and \u003ccode\u003e/v1/archives\u003c/code\u003e list) directly on its HTTP router without any authentication or authorization checks. This oversight enables any workload within the same Kubernetes cluster to interact with the archive storage service, bypassing tenant boundaries. The vulnerability was addressed in Fission v1.23.0 via PR #3368, which implemented HMAC verification, and defense in depth was added via PR #3365 which implemented a NetworkPolicy for the service. 
This unauthenticated access allows attackers to enumerate, download, modify, or delete function deployment archives, impacting code integrity and confidentiality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker compromises a pod within the Kubernetes cluster hosting Fission.\u003c/li\u003e\n\u003cli\u003eThe compromised pod discovers the \u003ccode\u003estoragesvc\u003c/code\u003e ClusterIP.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an unauthenticated GET request to \u003ccode\u003e/v1/archives\u003c/code\u003e to enumerate archive IDs.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a GET request to \u003ccode\u003e/v1/archive/{archiveID}\u003c/code\u003e to download a function\u0026rsquo;s deployment archive, exposing source code and embedded secrets.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker sends a DELETE request to \u003ccode\u003e/v1/archive/{archiveID}\u003c/code\u003e to remove a function archive, causing function specialization failures.\u003c/li\u003e\n\u003cli\u003eThe attacker can also send a POST request to \u003ccode\u003e/v1/archive\u003c/code\u003e to upload a malicious archive.\u003c/li\u003e\n\u003cli\u003eSubsequent function specializations fetch and execute the uploaded malicious archive.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution within the Fission environment, potentially leading to further compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows a workload within the cluster to enumerate every function deployment archive, download sensitive function code and secrets, delete archives causing function failures, and upload malicious archives leading to code execution. This completely breaks tenant boundaries in multi-tenant Fission deployments. 
The absence of authentication on the \u003ccode\u003estoragesvc\u003c/code\u003e endpoint allows for trivial exploitation from any compromised workload within the cluster. This vulnerability is tracked as CVE-2026-46612.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Fission to v1.23.0 or later to incorporate the authentication fix introduced in PR #3368.\u003c/li\u003e\n\u003cli\u003eEnable the Helm chart\u0026rsquo;s per-service NetworkPolicy (set \u003ccode\u003enetworkPolicy.enabled=true\u003c/code\u003e) as outlined in the Mitigation section of the advisory.\u003c/li\u003e\n\u003cli\u003eImplement egress/ingress restrictions for \u003ccode\u003estoragesvc\u003c/code\u003e to limit network access to only the executor, builder, and fetcher pods, as described in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Unauthenticated Access to Fission StorageSvc Archive Endpoint\u0026rdquo; to detect unauthorized access attempts to the \u003ccode\u003e/v1/archive\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Fission StorageSvc Archive Manipulation\u0026rdquo; to detect POST/DELETE attempts to the \u003ccode\u003e/v1/archive\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T20:08:37Z","date_published":"2026-05-21T20:08:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fission-storagesvc-auth-bypass/","summary":"The Fission `storagesvc` component exposes unauthenticated CRUD operations on the `/v1/archive` endpoint, allowing any workload within the same Kubernetes cluster to enumerate archive IDs, download archives, upload arbitrary content, and delete archives, leading to potential code and secret exposure and function disruption.","title":"Fission StorageSvc Unauthenticated Archive CRUD 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-fission-storagesvc-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Fission","version":"https://jsonfeed.org/version/1.1"}