GHSA-wmgg-3p4h-48x7
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
Details
### Summary
A stronger framing of the same root cause as GHSA-gx55-f84r-v3r7: the `Environment.spec.runtime.podSpec` / `spec.builder.podSpec` passthrough lacked validation, and `MergePodSpec` propagated dangerous fields into the generated pods.
### Details
Three independent flaws compounded:
1. **Validate gap.** `pkg/apis/core/v1/validation.go::Environment.Validate` checked only container naming conventions, never `hostPID`/`hostIPC`/`hostNetwork`/`hostPath`/`privileged`.
2. **UPDATE bypass.** The `pkg/webhook/environment.go` kubebuilder marker registered `verbs=create` only. A tenant could `kubectl apply` a clean Environment and then `kubectl patch` in the dangerous fields — the webhook was never called.
3. **Merge propagation.** `pkg/executor/util/merge.go::MergePodSpec` unconditionally forwarded `HostPID`, `HostIPC`, `HostNetwork`, `Volumes` (including hostPath), `SecurityContext`, and `ServiceAccountName` into the Deployments generated by poolmgr / newdeploy / buildermgr.
A `kubectl apply` plus a follow-up `kubectl patch` caused poolmgr to schedule a privileged pod with a host-root mount within roughly 20 seconds. From that pod the cluster CA private key was readable, allowing the attacker to sign arbitrary kubelet certificates and achieve full cluster takeover.
### Impact
`environments.fission.io` create/update RBAC is escalated to node escape and, via the readable cluster CA key, full cluster takeover.
### Fix
Fixed in [#3391](https://github.com/fission/fission/pull/3391) (with the companion buildermgr SA-token fix in [#3390](https://github.com/fission/fission/pull/3390)) and released in [v1.24.0](https://github.com/fission/fission/releases/tag/v1.24.0). Each enumerated flaw is addressed:
1. **Validate** — `ValidatePodSpecSafety` is called from `Environment.Validate` for both `Runtime.PodSpec` and `Builder.PodSpec`.
2. **UPDATE bypass** — the webhook marker is extended to `verbs=create;update`; chart and envtest manifests are aligned.
3. **Merge propagation** — host namespaces, `ServiceAccountName`, and hostPath volumes are stripped at the merge layer; per-container `privileged`/`allowPrivilegeEscalation` and dangerous capabilities are sanitized.
See GHSA-gx55-f84r-v3r7 for the detailed fix — both advisories are closed by the same commit.
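The three layers named above (field validation, admission on UPDATE as well as CREATE, and stripping at the merge layer) fit in one small Go program. This is an added example, not Fission's code: the function names `ValidatePodSpecSafety` and `Environment.Validate` are taken from the advisory, but their bodies, the `Admit` function with its `validateOnUpdate` switch, `SanitizeMergedPodSpec`, and the minimal `PodSpec`/`Container`/`Volume` structs (stand-ins for the `k8s.io/api` corev1 types) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed minimal stand-ins for the corev1.PodSpec fields this advisory concerns (Fission uses k8s.io/api).
type Volume struct {
	Name     string
	HostPath string // non-empty marks a hostPath volume
}

type Container struct {
	Name       string
	Privileged *bool
}

type PodSpec struct {
	HostPID, HostIPC, HostNetwork bool
	ServiceAccountName            string
	Volumes                       []Volume
	Containers                    []Container
}

// Environment mirrors the two passthrough points named in the advisory.
type Environment struct{ RuntimePodSpec, BuilderPodSpec *PodSpec }

// ValidatePodSpecSafety rejects the fields the advisory says the original Validate never
// checked. The name is from the advisory; the body is this example's own, not Fission's.
func ValidatePodSpecSafety(field string, spec *PodSpec) error {
	if spec == nil {
		return nil
	}
	var bad []string
	deny := func(cond bool, what string) {
		if cond {
			bad = append(bad, what)
		}
	}
	deny(spec.HostPID, "hostPID")
	deny(spec.HostIPC, "hostIPC")
	deny(spec.HostNetwork, "hostNetwork")
	for _, v := range spec.Volumes {
		deny(v.HostPath != "", "volumes["+v.Name+"].hostPath")
	}
	for _, c := range spec.Containers {
		deny(c.Privileged != nil && *c.Privileged, "containers["+c.Name+"].securityContext.privileged")
	}
	if len(bad) == 0 {
		return nil
	}
	return fmt.Errorf("%s: disallowed fields: %s", field, strings.Join(bad, ", "))
}

func (e *Environment) Validate() error {
	if err := ValidatePodSpecSafety("spec.runtime.podSpec", e.RuntimePodSpec); err != nil {
		return err
	}
	return ValidatePodSpecSafety("spec.builder.podSpec", e.BuilderPodSpec)
}

// Admit models the webhook (hypothetical). validateOnUpdate=false is the flawed verbs=create
// registration: an UPDATE is never validated. validateOnUpdate=true is the fixed verbs=create;update.
func Admit(op string, env *Environment, validateOnUpdate bool) error {
	if op == "CREATE" || (op == "UPDATE" && validateOnUpdate) {
		return env.Validate()
	}
	return nil
}

// SanitizeMergedPodSpec (hypothetical) is the merge-layer defence in depth: a spec that still
// reaches the executor loses host namespaces, serviceAccountName, hostPath volumes and privileged.
func SanitizeMergedPodSpec(spec PodSpec) PodSpec {
	off := false
	out := spec // copy; the caller's spec is left untouched
	out.HostPID, out.HostIPC, out.HostNetwork = false, false, false
	out.ServiceAccountName = ""
	out.Volumes = nil
	for _, v := range spec.Volumes {
		if v.HostPath == "" {
			out.Volumes = append(out.Volumes, v)
		}
	}
	out.Containers = make([]Container, len(spec.Containers))
	for i, c := range spec.Containers {
		c.Privileged = &off
		out.Containers[i] = c
	}
	return out
}

func main() {
	yes := true
	patched := &Environment{RuntimePodSpec: &PodSpec{HostPID: true, Volumes: []Volume{{Name: "host-root", HostPath: "/"}}, Containers: []Container{{Name: "runtime", Privileged: &yes}}}}
	fmt.Println("UPDATE through create-only webhook:", Admit("UPDATE", patched, false), "| create+update:", Admit("UPDATE", patched, true))
	fmt.Printf("after merge-layer sanitizing: %+v\n", SanitizeMergedPodSpec(*patched.RuntimePodSpec))
}
```

Running it shows the gap directly: the create-only webhook returns `nil` for the patched UPDATE, while the create+update webhook returns an error naming every offending field, and the sanitized spec that would reach the executor has no host namespaces, no hostPath volume and `privileged` forced to false. The detection angle is the same error string: a validation rejection on UPDATE is exactly the event the original deployment never produced.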
### Duplicate handling
This advisory and GHSA-gx55-f84r-v3r7 were reported separately but are closed by the same code fix. Both are published to acknowledge each reporter's contribution and to keep the public CVE record clear about the multi-layer nature of the issue.
Affected packages
- github.com/fission/fission (Go): affected from 0 (all earlier releases); fixed in 1.24.0 (`go get github.com/fission/fission@v1.24.0`)
References
- https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-50545 [ADVISORY]
- https://github.com/fission/fission/pull/3390 [WEB]
- https://github.com/fission/fission/pull/3391 [WEB]
- https://github.com/fission/fission/commit/8fa799417c77ce8a0189d9858bfe11ece29b84a6 [WEB]
- https://github.com/fission/fission/commit/e484df8460bb4e8026e24210120602aa7f181f64 [WEB]
- https://github.com/fission/fission [PACKAGE]
- https://github.com/fission/fission/releases/tag/v1.24.0 [WEB]