CVE-2024-39690 Capsule tenant owner with "patch namespace" permission can hijack system namespaces

2024-08-2014:33:24

CWE-863

GitHub_M

www.cve.org

cve-2024-39690

kubernetes

multi-tenancy

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.

CNA Affected

[
  {
    "vendor": "projectcapsule",
    "product": "capsule",
    "versions": [
      {
        "version": "<= 0.7.0",
        "status": "affected"
      }
    ]
  }
]