Lucene search

GoogleOSV:CVE-2024-39690

HistoryAug 20, 2024 - 3:15 p.m.

CVE-2024-39690

2024-08-2015:15:21

Google

osv.dev

capsule

kubernetes

unauthorized access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.

References

github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584

github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwp

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for OSV:CVE-2024-39690