Description
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reachable from inside the user's function container at /var/run/secrets/kubernetes.io/serviceaccount/token, so user-supplied function code inherited the same Kubernetes API privileges and could read any secret or configmap in the function's namespace — far beyond the Function.spec.secrets allowlist that the function specification suggests. This issue has been patched in version 1.23.0.
Published: 2026-06-10
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Fission runtime pods were created with the ServiceAccountName fission‑fetcher, which has namespace‑wide permission to get all secrets and configmaps. The runtime pod's automounted token was mounted into the user's function container, allowing any function code executed in that container to use the fission‑fetcher API token and read or enumerate any secret or configmap within the namespace. This results in privileged access to sensitive data beyond the Function.spec.secrets allow‑list that users intend to expose. The weakness is a combination of improper privilege assignment (CWE‑250, CWE‑269) and insecure default configuration (CWE‑538).

Affected Systems

The vulnerability affects all releases of the Fission open‑source serverless framework prior to version 1.23.0. Administrators using earlier versions should verify their installation and plan an update to mitigate the issue.

Risk and Exploitability

The vulnerability carries a CVSS base score of 8.7, indicating high severity. The EPSS score is currently unavailable, and the issue is not listed in the CISA KEV catalog. The attack vector requires that an attacker can supply or alter function code within the cluster; once inside the function container, the attacker can read any secret or configmap exposed in the namespace. The risk is significant for environments that rely on strict namespace isolation for secrets protection.

Generated by OpenCVE AI on June 10, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Fission to version 1.23.0 or later to ensure the runtime pod no longer mounts the fission‑fetcher ServiceAccount token into the function container.
  • If an upgrade cannot be performed immediately, modify the ServiceAccount for the fission‑fetcher to remove the namespace‑wide get permission on secrets and configmaps, limiting it to only the resources required for function deployment.
  • Disable the automount feature for the fission‑fetcher ServiceAccount or switch the runtime pod to a dedicated, restricted ServiceAccount that does not provide broad secret access.
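The following is an added example, not code from the Fission project or from OpenCVE. It models the two conditions the description above combines, a ServiceAccount token that the user function container can reach and a Role that grants namespace-wide get on secrets and configmaps, and audits constructed pod, ServiceAccount and Role manifests (expressed as Python dicts rather than YAML) before and after the hardening the recommended actions describe. The container names, the projected volume and the resourceNames value are assumptions used for illustration; the pod-level and ServiceAccount-level automountServiceAccountToken fields and projected serviceAccountToken volumes are standard Kubernetes features.

```python
SENSITIVE = {"secrets", "configmaps"}
READ_VERBS = {"get", "list", "watch", "*"}


def pod_automounts_token(pod: dict, sa: dict) -> bool:
    """True if Kubernetes will automount the SA token into every container.
    spec.automountServiceAccountToken on the pod wins; otherwise the
    ServiceAccount's own automountServiceAccountToken applies (default true)."""
    spec = pod["spec"]
    if "automountServiceAccountToken" in spec:
        return bool(spec["automountServiceAccountToken"])
    return bool(sa.get("automountServiceAccountToken", True))


def token_reachable_from(pod: dict, sa: dict, container: str) -> bool:
    """True if `container` receives a ServiceAccount token by any route:
    pod-wide automount, or a projected serviceAccountToken volume mounted
    into that specific container."""
    if pod_automounts_token(pod, sa):
        return True
    token_volumes = {
        v["name"] for v in pod["spec"].get("volumes", [])
        if any("serviceAccountToken" in src
               for src in v.get("projected", {}).get("sources", []))
    }
    for c in pod["spec"]["containers"]:
        if c["name"] == container:
            return any(m["name"] in token_volumes for m in c.get("volumeMounts", []))
    return False


def broad_read_rules(role: dict) -> list:
    """Rules granting read on secrets/configmaps with no resourceNames limit,
    i.e. covering every such object in the namespace."""
    found = []
    for rule in role.get("rules", []):
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if not (resources & SENSITIVE or "*" in resources):
            continue
        if not (verbs & READ_VERBS):
            continue
        if rule.get("resourceNames"):
            continue  # scoped to named objects: not namespace-wide
        found.append(rule)
    return found


def audit(pod: dict, sa: dict, role: dict, function_container: str) -> list:
    """Findings for one pod/ServiceAccount/Role combination."""
    issues = []
    reachable = token_reachable_from(pod, sa, function_container)
    broad = broad_read_rules(role)
    if reachable:
        issues.append(f"token reachable from container {function_container!r}")
    if broad:
        issues.append(f"{len(broad)} rule(s) grant namespace-wide read on secrets/configmaps")
    if reachable and broad:
        issues.append("function code can read any secret/configmap in the namespace")
    return issues


# Constructed manifests (dict form of the YAML an operator would apply).
FETCHER_SA = {"metadata": {"name": "fission-fetcher"}}

FETCHER_ROLE = {  # the pre-1.23.0 grant the advisory describes
    "metadata": {"name": "fission-fetcher"},
    "rules": [{"apiGroups": [""], "resources": ["secrets", "configmaps"],
               "verbs": ["get"]}],
}

SCOPED_ROLE = {  # recommended action 2: get only on named objects (name is assumed)
    "metadata": {"name": "fission-fetcher"},
    "rules": [{"apiGroups": [""], "resources": ["secrets", "configmaps"],
               "resourceNames": ["fission-function-env"], "verbs": ["get"]}],
}

VULNERABLE_POD = {"spec": {  # automount defaults to true: token reaches both containers
    "serviceAccountName": "fission-fetcher",
    "containers": [{"name": "fetcher"}, {"name": "function"}],
}}

HARDENED_POD = {"spec": {  # recommended action 3: no automount; token only where needed
    "serviceAccountName": "fission-fetcher",
    "automountServiceAccountToken": False,
    "volumes": [{"name": "fetcher-token", "projected": {"sources": [
        {"serviceAccountToken": {"path": "token", "expirationSeconds": 3600}}]}}],
    "containers": [
        {"name": "fetcher", "volumeMounts": [
            {"name": "fetcher-token",
             "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"}]},
        {"name": "function"},  # no token mount at all
    ],
}}

if __name__ == "__main__":
    for label, pod, role in [("before", VULNERABLE_POD, FETCHER_ROLE),
                             ("after", HARDENED_POD, SCOPED_ROLE)]:
        print(label, audit(pod, FETCHER_SA, role, "function"))
```

Note that a pod-level automountServiceAccountToken: false removes the token from every container in the pod, so a fetcher container that still needs API access must receive it through a projected volume mounted only into that container, as the hardened manifest shows; that is a general Kubernetes pattern, not a statement about how the 1.23.0 fix is implemented.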

Advisories

Source: Github GHSA
ID: GHSA-85g2-pmrx-r49q
Title: Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
History

Wed, 10 Jun 2026 18:15:00 +0000

Values removed: none

Values added:
Description: Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reachable from inside the user's function container at /var/run/secrets/kubernetes.io/serviceaccount/token, so user-supplied function code inherited the same Kubernetes API privileges and could read any secret or configmap in the function's namespace — far beyond the Function.spec.secrets allowlist that the function specification suggests. This issue has been patched in version 1.23.0.
Title: Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
Weaknesses: CWE-250, CWE-269, CWE-538
References: (none)
Metrics: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T18:20:14.471Z

Reserved: 2026-05-15T19:34:14.012Z

Link: CVE-2026-46617

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-10T18:17:05.720

Modified: 2026-06-10T19:37:41.437

Link: CVE-2026-46617

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T19:45:39Z

Weaknesses