Lucene search

GoogleOSV:GO-2024-3077

HistoryAug 22, 2024 - 8:03 p.m.

Capsule tenant owner with "patch namespace" permission can hijack system namespaces in github.com/projectcapsule/capsule

2024-08-2220:03:04

Google

osv.dev

capsule tenant owner

hijack system namespaces

github software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Capsule tenant owner with “patch namespace” permission can hijack system namespaces in github.com/projectcapsule/capsule

References

github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584

github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwp

nvd.nist.gov/vuln/detail/CVE-2024-39690

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Related for OSV:GO-2024-3077