5 matches found
CVE-2024-39690
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant i.e., namespaces without the ownerReference field, thereby gaining control of that namespace. Version...
EUVD-2024-2618
Malicious code in bioql PyPI...
EUVD-2023-2895
Malicious code in bioql PyPI...
The Bug Report – August 2025 Edition
The Bug Report – August 2025 Edition By Jonathan Omakun, Tola Olawale · August 27, 2025 Why am I here? Welcome back to The Bug Report! Did you miss us? The Trellix Advanced Research Center has been playing a high-stakes game of whack-a-mole with this month's vulnerabilities. We've dug through all...
CVE-2025-55205
CVE-2025-55205 concerns Capsule (Kubernetes multi-tenant framework). Affected: Capsule v0.10.3 and earlier; fixed in v0.10.4. Vulnerability: authenticated tenant users can inject arbitrary labels into system namespaces (e.g., kube-system, default, capsule-system) via namespace labeling, bypassing...