2 matches found
GO-2025-3893 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule...
CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...