Nuclio Cron Trigger Command Injection via Unsanitized Event Headers and Body
Nuclio controller constructs shell commands for Kubernetes CronJobs using unsanitized user-supplied event headers and body, enabling arbitrary command execution with cluster-level privileges. This PoC demonstrates a critical OS command injection (CWE-78) requiring immediate patching.
CVE References
Affected
Vulnerability Description
Nuclio's cron trigger reconciliation in lazy.go:2113 constructs a shell command string passed to /bin/sh -c without proper input sanitization. Two distinct injection vectors exist: (1) Header key injection — trigger event header keys are interpolated directly into --header "key: value" arguments within double quotes, allowing attackers to break the quoting context with embedded " characters; (2) Body command substitution — the event body is processed with strconv.Quote() which escapes quotes and backslashes but permits $() subshell syntax, enabling arbitrary command substitution. This is CWE-78 (Improper Neutralization of Special Elements in OS Commands), with CVSS 3.1 score 9.9 (Critical).
PoC Significance
The disclosed PoC confirms both injection paths are exploitable in Nuclio 1.15.27 (the latest version as of the advisory date). The vulnerability is trivial to trigger — an attacker with the ability to create or modify a NuclioFunction resource with a cron trigger (either through direct API access or by poisoning a GitOps workflow) can inject malicious commands. Since the CronJob executes within the Kubernetes cluster with the controller's service account permissions, successful exploitation yields persistent RCE with potential for privilege escalation, lateral movement, and cluster compromise. The PoC's significance lies in confirming dynamic execution of injected commands in a production-like environment.
Detection Guidance
Log Indicators:
- Kubernetes API audit logs:
NuclioFunctionorCronJobcreation/update events with unusualcurlinvocations or event headers containing special characters (",$, backticks,|,;). - Controller logs: errors during CronJob creation, unexpected command syntax, or shell command parsing failures.
- Container runtime logs: unexpected child processes spawned by cron jobs (e.g.,
sh,bash,wget,nclaunched outside normal cron schedules).
Signature Recommendations:
- Monitor CronJob
spec.jobTemplate.spec.template.spec.containers[0].argsfor patterns:curl.*--header.*\$\(,curl.*--data.*\$\(, or unescaped quotes in header keys. - Alert on NuclioFunction events where
spec.triggers[*].attributes.event.headerskeys contain:",\,$, backticks, or shell metacharacters.
YARA-style indicators:
- Pattern:
--header "[^:]*["\$\(]in CronJob command strings (indicates broken quoting or substitution).
Mitigation Steps
- Immediate: Upgrade Nuclio to a patched version > 1.15.27 once available.
- Interim workaround: Restrict RBAC permissions for
NuclioFunctionresource creation/modification to trusted principals only; implement a mutating webhook to reject triggers with suspicious header keys or body payloads. - Network isolation: Limit egress from Nuclio controller and CronJob pods to known-safe destinations only.
- Configuration hardening: Disable cron triggers if not required; audit existing cron triggers for anomalous event specifications.
- Code review: Patch should use proper shell escaping (e.g.,
shlex.quote()equivalent, parameterized commands, or avoid shell invocation entirely by using direct API calls).
Risk Assessment
Likelihood of exploitation: Very high — this vulnerability requires only the ability to create/modify a Nuclio resource, which is typically available to application developers or GitOps automation. No user interaction is required; exploitation is deterministic and reliable.
Threat actor interest: High — Kubernetes environments are attractive targets for both opportunistic and APT-level actors. Persistent RCE via cron jobs enables supply chain attacks (e.g., poisoning container images, exfiltrating secrets, establishing C2 infrastructure).
Exposure: Organizations running Nuclio 1.15.27 or earlier on Kubernetes clusters are at immediate risk, especially in multi-tenant environments where users can deploy functions or control GitOps repositories.
Sources