GHSA-GC3J-79F2-7VVW
Vulnerability from github – Published: 2026-06-30 18:16 – Updated: 2026-06-30 18:16
Summary
A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace.
Details
Two independent flaws compounded:
- pkg/kubewatcher/kubewatcher.go::createKubernetesWatch used w.Spec.Namespace (user-controlled) directly as the Watch target without checking it against w.Namespace (the KWT's own namespace). kubewatcher established the Watch using its cluster-scoped service account and serialized every Pod/Service/Job change event as full JSON over HTTP POST to the attacker's function.
- The validating webhook (pkg/webhook/kuberneteswatchtrigger.go) registered verbs=create only, so update/patch requests bypassed validation entirely.
A separate leak: an empty spec.namespace resolved to all namespaces via the controller's default, letting an attacker omit the field to surveil the entire cluster.
Impact
A tenant with kuberneteswatchtriggers.fission.io/create could continuously receive full event payloads for Pods, Services, and Jobs in any namespace — a persistent cross-tenant surveillance channel requiring no additional privileges.
Fix
Fixed in #3379 and released in v1.24.0.
- The validating webhook marker is extended to verbs=create;update.
- Validate rejects KubernetesWatchTrigger.spec.namespace != metadata.namespace.
- A controller guard in createKubernetesWatch rejects cross-namespace targets that bypass admission and coerces an empty Spec.Namespace to the trigger's own namespace.
Behavioural change
KubernetesWatchTriggers with an unset spec.namespace now watch only their own namespace instead of all namespaces. Anyone relying on the previous all-namespaces behaviour must create a separate KWT per namespace.
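The two-layer fix described above, as an added example that is not Fission's own code: the admission rule serves both create and update, and the controller guard independently coerces an empty spec.namespace and refuses a cross-namespace target even if admission was bypassed. The KubernetesWatchTrigger and KWTSpec types here are a hypothetical minimal stand-in for the project's types.

```go
package main

import (
	"errors"
	"fmt"
)

// KWTSpec and KubernetesWatchTrigger are hypothetical minimal stand-ins:
// only the two namespace fields the advisory's checks need are modelled.
type KWTSpec struct {
	Namespace string // spec.namespace: the namespace the watch targets
}

type KubernetesWatchTrigger struct {
	Namespace string // metadata.namespace: where the tenant created the KWT
	Spec      KWTSpec
}

var ErrCrossNamespace = errors.New("spec.namespace must equal metadata.namespace")

// ValidateKWT is the admission rule: a set target must be the trigger's own
// namespace. Registering the webhook for create;update means this same
// function must run for both verbs, closing the update/patch bypass.
func ValidateKWT(verb string, w KubernetesWatchTrigger) error {
	if verb != "create" && verb != "update" {
		return fmt.Errorf("verb %q is not covered by the validating webhook", verb)
	}
	if w.Spec.Namespace != "" && w.Spec.Namespace != w.Namespace {
		return ErrCrossNamespace
	}
	return nil
}

// ResolveWatchNamespace is the controller-side guard. It does not assume
// admission ran: an empty spec.namespace is coerced to the trigger's own
// namespace (no longer "all namespaces"), and any remaining cross-namespace
// target is rejected before a cluster-scoped Watch is ever opened.
func ResolveWatchNamespace(w KubernetesWatchTrigger) (string, error) {
	target := w.Spec.Namespace
	if target == "" {
		target = w.Namespace
	}
	if target != w.Namespace {
		return "", fmt.Errorf("refusing watch on %q from trigger in %q: %w", target, w.Namespace, ErrCrossNamespace)
	}
	return target, nil
}

func main() {
	// Constructed sample: a KWT in tenant-a that omits spec.namespace.
	ns, err := ResolveWatchNamespace(KubernetesWatchTrigger{Namespace: "tenant-a"})
	fmt.Println(ns, err)
}
```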
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.23.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/fission/fission"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49822"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T18:16:03Z",
"nvd_published_at": "2026-06-10T18:17:10Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA low-privilege developer who could create a `KubernetesWatchTrigger` (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace.\n\n### Details\n\nTwo independent flaws compounded:\n\n1. `pkg/kubewatcher/kubewatcher.go::createKubernetesWatch` used `w.Spec.Namespace` (user-controlled) directly as the Watch target without checking it against `w.Namespace` (the KWT\u0027s own namespace). `kubewatcher` established the Watch\nusing its cluster-scoped service account and serialized every Pod/Service/Job change event as full JSON over HTTP POST to the attacker\u0027s function.\n2. The validating webhook (`pkg/webhook/kuberneteswatchtrigger.go`) registered `verbs=create` only, so `update`/`patch` requests bypassed validation entirely.\n\nA separate leak: an empty `spec.namespace` resolved to **all namespaces** via the controller\u0027s default, letting an attacker omit the field to surveil the entire cluster.\n\n### Impact\n\nA tenant with `kuberneteswatchtriggers.fission.io/create` could continuously receive full event payloads for Pods, Services, and Jobs in any namespace \u2014 a persistent cross-tenant surveillance channel requiring no additional privileges.\n\n### Fix\n\nFixed in [#3379](https://github.com/fission/fission/pull/3379) and released in [v1.24.0](https://github.com/fission/fission/releases/tag/v1.24.0).\n\n- The validating webhook marker is extended to `verbs=create;update`.\n- `Validate` rejects `KubernetesWatchTrigger.spec.namespace != metadata.namespace`.\n- A controller guard in `createKubernetesWatch` rejects cross-namespace targets that bypass admission and coerces an empty `Spec.Namespace` to the trigger\u0027s own namespace.\n\n### Behavioural change\n\nKubernetesWatchTriggers with an unset `spec.namespace` now watch only their own namespace instead of all namespaces. Anyone relying on the previous all-namespaces behaviour must create a separate KWT per namespace.",
"id": "GHSA-gc3j-79f2-7vvw",
"modified": "2026-06-30T18:16:03Z",
"published": "2026-06-30T18:16:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fission/fission/security/advisories/GHSA-gc3j-79f2-7vvw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49822"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/pull/3379"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/commit/e2b92663499f4dc3a1e2d38178f39c3c65e0134a"
},
{
"type": "PACKAGE",
"url": "https://github.com/fission/fission"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.