GHSA-m63v-2g9w-2w6v

Source
https://github.com/advisories/GHSA-m63v-2g9w-2w6v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-m63v-2g9w-2w6v/GHSA-m63v-2g9w-2w6v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m63v-2g9w-2w6v
Aliases
  • CVE-2026-50566
Published
2026-06-30T18:20:39Z
Modified
2026-06-30T18:30:08.030533449Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
Details

Summary

A follow-up bypass of the round-4 PodSpec hardening (GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92). Those advisories validate and sanitize the PodSpec (spec.runtime.podSpec / spec.builder.podSpec / function.spec.podSpec), but the Environment CRD also exposes spec.runtime.container and spec.builder.container, each a standalone Container that is merged into the runtime or builder pod. The SecurityContext of that standalone Container was checked by neither layer.

Details

Admission-layer gap. Environment.Validate() calls ValidatePodSpecSafety() on Runtime.PodSpec and Builder.PodSpec only. That function takes a *PodSpec, so it never inspects the standalone Runtime.Container.SecurityContext or Builder.Container.SecurityContext.

Merge-layer gap. sanitizeContainerSecurityContext() ran only inside MergePodSpec(). The container field is merged via MergeContainer(), which did not sanitize. With only Runtime.Container set and Runtime.PodSpec nil, MergePodSpec is never invoked, so the sanitizer never ran.

Affected merge sites: poolmgr (gp_deployment.go), newdeploy (newdeploy.go), and buildermgr (envwatcher.go).

Proof of concept

apiVersion: fission.io/v1
kind: Environment
metadata:
  name: priv-escape-test
  namespace: default
spec:
  version: 3
  runtime:
    image: "ghcr.io/fission/python-env:latest"
    container:
      name: priv-escape-test
      securityContext:
        privileged: true
  poolsize: 1

The admission webhook accepts this Environment and the resulting pool pod runs with privileged: true. Equivalent bypasses: allowPrivilegeEscalation: true, capabilities.add: ["SYS_ADMIN"], capabilities.add: ["NET_ADMIN","SYS_PTRACE"]. The same attack applies to Builder.Container.

Impact

A tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor's high-privilege service account — enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. Identical blast radius to GHSA-gx55-f84r-v3r7.

Fix

Fixed in #3406 and released in v1.24.0.

  • Admission layer (primary defence): a new ValidateContainerSafety in pkg/apis/core/v1/podspec_safety.go applies the per-container SecurityContext denylist (privileged, allowPrivilegeEscalation, dangerous capabilities) to a standalone container, and is called from Environment.Validate() for Runtime.Container and Builder.Container.
  • Merge layer (defence in depth): sanitizeContainerSecurityContext() is now invoked inside MergeContainer() itself, covering all three executor/builder call sites.
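The two gaps described under Details and the two-layer fix are easiest to see side by side in code. The following Go program is an added example written for this page, not Fission's code: it uses minimal stand-in structs instead of the k8s.io/api types, and the function names validateContainerSafety, validateRuntime, sanitizeContainerSecurityContext and mergeContainer, the checkStandalone flag and the capability denylist are assumptions modelled on the advisory's description rather than the project's actual signatures. It rebuilds spec.runtime from the PoC above, shows that a PodSpec-only validator accepts it while the per-container validator rejects it, and shows that sanitizing inside the container merge strips privileged: true even if admission were bypassed.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-ins for the k8s.io/api core/v1 types so this runs offline; not Fission's types.
type SecurityContext struct {
	Privileged, AllowPrivilegeEscalation *bool
	CapabilitiesAdd                      []string // Capabilities.Add, flattened
}
type Container struct {
	Name            string
	SecurityContext *SecurityContext
}
type PodSpec struct{ Containers []Container }

// RuntimeSpec mirrors spec.runtime / spec.builder: an optional PodSpec plus a standalone Container.
type RuntimeSpec struct {
	PodSpec   *PodSpec
	Container *Container
}

// Assumed denylist; the advisory names SYS_ADMIN, NET_ADMIN and SYS_PTRACE.
var dangerousCaps = map[string]bool{"ALL": true, "SYS_ADMIN": true, "NET_ADMIN": true, "SYS_PTRACE": true, "SYS_MODULE": true}
// validateContainerSafety is the per-container denylist the fix applies to Runtime.Container and Builder.Container.
func validateContainerSafety(c *Container) error {
	if c == nil || c.SecurityContext == nil {
		return nil
	}
	sc := c.SecurityContext
	switch {
	case sc.Privileged != nil && *sc.Privileged:
		return fmt.Errorf("container %q: privileged: true is not allowed", c.Name)
	case sc.AllowPrivilegeEscalation != nil && *sc.AllowPrivilegeEscalation:
		return fmt.Errorf("container %q: allowPrivilegeEscalation: true is not allowed", c.Name)
	}
	for _, capName := range sc.CapabilitiesAdd {
		if dangerousCaps[strings.ToUpper(capName)] {
			return fmt.Errorf("container %q: capabilities.add %s is not allowed", c.Name, capName)
		}
	}
	return nil
}

// validateRuntime models Environment.Validate(); checkStandalone=false is the vulnerable release, where only PodSpec containers are inspected and a nil PodSpec passes whatever Container holds.
func validateRuntime(r *RuntimeSpec, checkStandalone bool) error {
	if r.PodSpec != nil {
		for i := range r.PodSpec.Containers {
			if err := validateContainerSafety(&r.PodSpec.Containers[i]); err != nil {
				return err
			}
		}
	}
	if checkStandalone {
		return validateContainerSafety(r.Container)
	}
	return nil
}

// sanitizeContainerSecurityContext is the merge-layer defence in depth: dangerous booleans are forced off and denylisted capabilities dropped, on a copy so the caller's CRD object is left untouched.
func sanitizeContainerSecurityContext(c *Container) {
	if c == nil || c.SecurityContext == nil {
		return
	}
	sc, kept := *c.SecurityContext, []string{}
	sc.Privileged, sc.AllowPrivilegeEscalation = boolPtr(false), boolPtr(false)
	for _, capName := range sc.CapabilitiesAdd {
		if !dangerousCaps[strings.ToUpper(capName)] {
			kept = append(kept, capName)
		}
	}
	sc.CapabilitiesAdd = kept
	c.SecurityContext = &sc
}

// mergeContainer overlays the Environment container on the executor default; sanitizing inside the
// merge covers the PodSpec-nil path that MergePodSpec, where the sanitizer used to live, never sees.
func mergeContainer(base Container, override *Container) Container {
	if override != nil {
		o := *override
		sanitizeContainerSecurityContext(&o)
		base.SecurityContext = o.SecurityContext
	}
	return base
}

func boolPtr(b bool) *bool { return &b }
func pocRuntime() *RuntimeSpec { // spec.runtime from the PoC above: no podSpec, one privileged standalone container
	return &RuntimeSpec{Container: &Container{Name: "priv-escape-test",
		SecurityContext: &SecurityContext{Privileged: boolPtr(true)}}}
}

func main() { // prints <nil> (vulnerable check accepts the PoC), the fixed check's error, then false
	r := pocRuntime()
	fmt.Println(validateRuntime(r, false), validateRuntime(r, true), *mergeContainer(Container{}, r.Container).SecurityContext.Privileged)
}
```

The property worth checking in a real cluster is the second layer: after upgrading to v1.24.0 the Environment from the PoC should be rejected at admission, and if such an object is ever admitted anyway (for example one created before the upgrade), the pool or builder pod should still come up without privileged, allowPrivilegeEscalation or the denylisted capabilities.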

Workarounds

  • Restrict Environment create/update RBAC to trusted administrators.
  • Deploy a Kyverno / OPA Gatekeeper policy rejecting dangerous Container SecurityContext on Environment CRDs.
  • Label the function/builder namespaces with pod-security.kubernetes.io/enforce: restricted. Pod Security Admission evaluates the final Pod, so it catches the merged container regardless of the CRD validation gap; note that restricted also requires allowPrivilegeEscalation: false, capabilities.drop: ["ALL"] and runAsNonRoot on every container, so the executor's own pod templates must satisfy it too, whereas the baseline profile still blocks privileged: true and the capabilities listed above but not allowPrivilegeEscalation.

References

  • GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92 — the round-4 PodSpec fixes this advisory bypasses (#3391, e484df84).
Database specific
{
    "nvd_published_at": "2026-06-10T18:17:13Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-250",
        "CWE-269"
    ],
    "github_reviewed_at": "2026-06-30T18:20:39Z",
    "github_reviewed": true
}
Affected packages

Go / github.com/fission/fission

Package

Name
github.com/fission/fission
Purl
pkg:golang/github.com/fission/fission

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.24.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-m63v-2g9w-2w6v/GHSA-m63v-2g9w-2w6v.json"
last_known_affected_version_range
"<= 1.23.0"