EUVD-2025-25141

Malicious code in bioql PyPI...

Namespace Label Injection

github.com/projectcapsule/capsule is vulnerable to namespace label injection. The vulnerability is due to improper validation of labels in system namespaces, which allows an attacker to inject arbitrary labels, bypass multi-tenant isolation, and escalate privileges to access cross-tenant resource...

GO-2025-3893 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule...

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

GHSA-FCPM-6MXQ-M5VV Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the OnUpdate function in the patch.go file. An attacker can gain unauthorized access to system namespaces and potentially escalate privileges by injecting arbitrary labels into protected namespaces through...

CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

CVE-2025-55205

CVE-2025-55205 concerns Capsule (Kubernetes multi-tenant framework). Affected: Capsule v0.10.3 and earlier; fixed in v0.10.4. Vulnerability: authenticated tenant users can inject arbitrary labels into system namespaces (e.g., kube-system, default, capsule-system) via namespace labeling, bypassing...

CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

PT-2025-33668

Name of the Vulnerable Software and Affected Versions: Capsule versions prior to 0.10.4 Description: Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection issue in earlier versions allows authenticated tenant users to inject arbitrary labels into system...

GO-2024-3077 Capsule tenant owner with "patch namespace" permission can hijack system namespaces in github.com/projectcapsule/capsule

Capsule tenant owner with "patch namespace" permission can hijack system namespaces in github.com/projectcapsule/capsule...