Fission Environment SecurityContext Bypass: Privileged Container Injection via Admission Webhook Gap
Fission's Environment CRD fails to validate SecurityContext on standalone container fields, allowing attackers to inject privileged containers that bypass admission controls. This is a second-order bypass of prior hardening patches.
CVE References
Affected
Vulnerability Description
This is a validation-layer bypass affecting Fission's Environment custom resource definition (CRD). The vulnerability exists in the dual-path container specification mechanism: spec.runtime.container and spec.builder.container are standalone Container objects that are merged into runtime/builder pods separately from the monolithic PodSpec fields. The admission webhook Environment.Validate() only calls ValidatePodSpecSafety() on Runtime.PodSpec and Builder.PodSpec, completely bypassing the SecurityContext of the standalone container fields. Additionally, the merge-layer sanitizer sanitizeContainerSecurityContext() is only invoked inside MergePodSpec(), which is never called when only the container field is populated (PodSpec is nil). This creates a two-layer validation gap allowing privileged containers to reach the Kubernetes API server.
Proof-of-Concept Significance
The provided YAML demonstrates reliable, deterministic exploitation: by specifying only spec.runtime.container with privileged: true and leaving spec.runtime.podSpec null, an attacker bypasses both admission validation and runtime sanitization. The PoC requires cluster-level API access to create/modify Environment resources, but no special RBAC beyond standard user privileges is needed. This is a second-order bypass—it defeats hardening from CVE-2024-{gx55-f84r-v3r7, wmgg-3p4h-48x7, v455-mv2v-5g92}—indicating iterative security weaknesses in the validation architecture.
Detection Guidance
Audit log indicators: Search for Environment/EnvironmentManager CRD CREATE or PATCH events with requestObject.spec.runtime.container.securityContext.privileged == true or spec.builder.container.securityContext containing high-privilege capabilities (CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SYS_MODULE). Pod-level detection: Monitor spawned pod SecurityContext attributes on fission-managed workloads (poolmgr, newdeploy, buildermgr); compare against declared PodSpec—discrepancies indicate container-field injection. Webhook logs: Enable verbose admission controller logging to catch rejected requests pre-enforcement. YARA-equivalent: Flag Environment manifests where container field is non-empty but podSpec is absent or nil, especially with privileged/hostNetwork/hostPID flags.
Mitigation Steps
Immediate: Upgrade Fission to a patched version where ValidatePodSpecSafety() is refactored to accept Container objects or a new ValidateContainerSafety() function is called in Environment.Validate() for both container fields; ensure sanitizeContainerSecurityContext() is invoked in MergeContainer() or before pod instantiation at poolmgr/newdeploy/buildermgr sites. Workaround (pre-patch): Implement a custom ValidatingWebhook that explicitly rejects Environment CRDs with non-nil spec.runtime.container.securityContext or spec.builder.container.securityContext until patches are available. Configuration: Restrict RBAC to limit who can create/modify Environment resources; enforce NetworkPolicy and PodSecurityPolicy/PSS to prevent privileged pod execution cluster-wide.
Risk Assessment
Likelihood in the wild: High—Fission is used in production Kubernetes environments; the PoC is trivial and requires only API access, not complex orchestration. Threat actor interest: Moderate to high; this enables privilege escalation and node escape if combined with container escape exploits. Blast radius: Cluster-wide—a privileged container can mount the host filesystem, access node credentials, and pivot to other workloads. Detectability: Medium—suspicious audit logs and pod SecurityContext mismatches are visible to defenders with proper logging enabled. Patch urgently and audit all existing Environment CRDs for the presence of container fields with elevated privileges.
Sources