2 matches found
GHSA-6758-979H-249X capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Summary A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. Details - Tenant solar, owned by a ServiceAccount named tenant-owner in the Namespace solar - Tenant wind, owne...
PT-2023-29934 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.4.5 Description: A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. This introduc...