Fission Container Executor PodSpec Injection – Privilege Escalation via Unvalidated Tenant Input
Fission's container executor fails to validate user-supplied PodSpec content, allowing tenants with only function-creation rights to inject host namespace access and privileged containers, escalating to node-level compromise. This is a direct privilege-escalation path from application-level RBAC to infrastructure control.
CVE References
Affected
Vulnerability Description
This vulnerability exploits a missing input validation + insecure merge pattern in Fission's container executor. The root cause is twofold: (1) FunctionSpec.Validate() only checks for the presence of a PodSpec but does not inspect its contents for dangerous fields, and (2) MergePodSpec() unconditionally forwards security-sensitive fields (hostPID, hostNetwork, hostIPC, privileged mode, host-path volumes, and service account overrides) into the resulting Deployment. A tenant holding only functions.fission.io/create RBAC permission can craft a Function CRD with a malicious PodSpec that mounts the host filesystem and shares host namespaces. Because the executor runs under a high-privilege service account with deployments/create permissions, it inadvertently creates the attacker's Deployment with the specified pod-security configuration, turning application-level function creation into effective cluster control.
PoC Significance
This proof-of-concept demonstrates a direct privilege-escalation vector that bypasses Kubernetes' multi-tenancy controls. The PoC proves that an attacker requires only a low-privilege RBAC role (function developer) to achieve administrative-equivalent capabilities (node escape, host filesystem access, and arbitrary container privilege escalation). The attack is highly reliable because it does not depend on race conditions or runtime behavior; it is a deterministic payload-injection flaw. Preconditions are minimal: a Fission cluster with the container executor enabled and a tenant account with functions/create permissions (a common baseline in multi-tenant environments).
Detection Guidance
Log Indicators:
- Monitor
functioncreatedorfunctionupdatedaudit events followed immediately bydeploymentcreatedevents with identical pod-security parameters. - Search audit logs for Deployments created with
hostPID: true,hostNetwork: true,hostIPC: true, orprivileged: truein the pod spec, especially when the creator is a non-admin service account (the executor). - Flag Functions where
spec.podSpeccontains host-related fields that differ from the executor's baseline template. - Watch for service account name overrides in Function specs that grant higher privileges than the creator's own RBAC allows.
Monitoring Rules:
- Alert on any
functions.fission.io/createevent that results in a Deployment with host namespace sharing or privileged containers. - Correlate Function creation events with subsequent node-level access logs (kubelet API calls, host filesystem mounts detected via container runtime events).
Mitigation Steps
- Immediate Patch: Upgrade Fission to a patched version that validates PodSpec content against a security policy (whitelist allowed fields).
- Input Validation Fix: Implement strict allowlisting in
FunctionSpec.Validate()to reject any PodSpec containinghostPID,hostNetwork,hostIPC, privileged mode, host-path volume definitions, or service account overrides. - Merge Security: Modify
MergePodSpec()to strip or reject security-sensitive fields before merging tenant input into the executor's template. - RBAC Hardening: Restrict the executor's service account to
deployments/createonly in the function namespace, and audit which namespaces it has permissions in. - Pod Security Policy / Standards: Enforce a restrictive PSP or Kubernetes Pod Security Standards (PSS) at the enforcer namespace level that forbids
hostPID,hostNetwork, andprivilegedcontainers. - Temporary Workaround: Disable the container executor if not required, or restrict
functions.fission.io/createpermissions to trusted users only.
Risk Assessment
Likelihood of Exploitation: High. This vulnerability requires only standard tenant permissions in a multi-tenant Fission cluster and is trivial to exploit once discovered. The attack surface is broad: any tenant function developer can attempt it. No special network access, timing, or external resources are needed.
Threat Actor Interest: Very high. Cloud-native environments running shared Fission clusters (e.g., SaaS platforms, managed Kubernetes services, internal multi-tenant platforms) are attractive targets. Ransomware operators and cloud-focused APTs will prioritize RBAC-bypass exploits like this to maintain persistence and lateral movement across tenant boundaries.
In-the-Wild Risk: Moderate-to-high risk of exploitation by insiders or compromised developer accounts. External attackers would need legitimate function-developer credentials, but social engineering, phishing, or credential harvesting could grant this access. The vulnerability's deterministic nature and minimal prerequisites make it a high-confidence target for adversary playbooks.
Sources