CVE-2026-50565
MEDIUM
4.9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. This issue has been patched in version 1.24.0.
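The check below is an added example, not code from Fission or the advisory. It audits pod objects for the condition described above, using the Kubernetes rule that a pod-level `automountServiceAccountToken` overrides the ServiceAccount-level one and that the token is mounted when both are unset. The namespace, pod names, the `opted-out` account and the image names are constructed sample data; init containers and explicitly projected token volumes are not covered.

```python
# Constructed sample objects in the shape of `kubectl get pods,serviceaccounts -o json` items.
SERVICE_ACCOUNTS = [
    {"metadata": {"namespace": "demo", "name": "fission-builder"}},
    {"metadata": {"namespace": "demo", "name": "opted-out"},
     "automountServiceAccountToken": False},
]
PODS = [
    {"metadata": {"namespace": "demo", "name": "builder-unpatched"},
     "spec": {"serviceAccountName": "fission-builder",
              "containers": [{"name": "builder", "image": "registry.invalid/user/builder:1"},
                             {"name": "fetcher", "image": "registry.invalid/fetcher:1"}]}},
    {"metadata": {"namespace": "demo", "name": "builder-pod-optout"},
     "spec": {"serviceAccountName": "fission-builder",
              "automountServiceAccountToken": False,
              "containers": [{"name": "builder", "image": "registry.invalid/user/builder:1"}]}},
    {"metadata": {"namespace": "demo", "name": "builder-sa-optout"},
     "spec": {"serviceAccountName": "opted-out",
              "containers": [{"name": "builder", "image": "registry.invalid/user/builder:1"}]}},
]


def effective_automount(pod, service_accounts):
    """Return True if the kubelet would auto-mount a service-account token."""
    spec = pod["spec"]
    if spec.get("automountServiceAccountToken") is not None:
        return spec["automountServiceAccountToken"]        # pod-level setting wins
    key = (pod["metadata"]["namespace"], spec.get("serviceAccountName", "default"))
    for sa in service_accounts:
        if (sa["metadata"]["namespace"], sa["metadata"]["name"]) == key:
            if sa.get("automountServiceAccountToken") is not None:
                return sa["automountServiceAccountToken"]  # ServiceAccount-level setting
    return True                                            # Kubernetes default when unset


def audit(pods, service_accounts):
    """List (namespace/pod, service account, container names) for pods that get a token."""
    findings = []
    for pod in pods:
        if effective_automount(pod, service_accounts):
            spec = pod["spec"]
            findings.append((f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}',
                             spec.get("serviceAccountName", "default"),
                             [c["name"] for c in spec["containers"]]))
    return findings


if __name__ == "__main__":
    for name, sa, containers in audit(PODS, SERVICE_ACCOUNTS):
        print(f"{name}: token for '{sa}' mounted into containers {containers}")
```

Only the pod that leaves the field unset on both the pod and its ServiceAccount is reported, and the finding lists every container in it, including the one running the user-supplied image.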
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0003
Percentile
0.1th
CWE-250: Execution with Unnecessary Privileges
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Read Application Data
DoS: Crash, Exit, or Restart
Applicable Platforms
Technologies:
AI/ML, Mobile
CWE-269: Improper Privilege Management
Draft
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Files Or Directories
Applicable Platforms
All platforms may be affected
https://github.com/fission/fission/pull/3390
https://github.com/fission/fission/releases/tag/v1.24.0
https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q