capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name

🗓️ 07 Nov 2023 21:04:46Reported by GoogleType

osv🔗 osv.dev👁 28 Views

A bug in `capsule-proxy` allows tenant owners with the same ServiceAccount name to list other tenants' namespace

Reporter	Title	Published	Views	Family All 7
Prion	Privilege escalation	6 Nov 202319:15	–	prion
CVE	CVE-2023-46254	6 Nov 202319:15	–	cve
OSV	CVE-2023-46254	6 Nov 202319:15	–	osv
Github Security Blog	capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name	7 Nov 202321:46	–	github
Veracode	Information Disclosure	7 Nov 202305:40	–	veracode
Cvelist	CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy	6 Nov 202318:34	–	cvelist
NVD	CVE-2023-46254	6 Nov 202319:15	–	nvd

Source	Link
github	www.github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-6758-979h-249x
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-46254
github	www.github.com/projectcapsule/capsule-proxy/commit/615202f7b02eaec7681336bd63daed1f39ae00c5
github	www.github.com/projectcapsule/capsule-proxy
github	www.github.com/projectcapsule/capsule-proxy/releases/tag/v0.4.5

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Nov 2023 21:46Current

7.1High risk

Vulners AI Score7.1

CVSS34.3

EPSS0.00053