Capsule@* Security Vulnerabilities and Issues — Capsule@* CVE List

Lucene search

ClastixCapsule*

3 matches found

CVE•added 2022/12/02 7:15 p.m.•47 views

CVE-2022-46167

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Ope...

8.8CVSS8.6AI score0.00071EPSS

CVE•added 2023/11/06 7:15 p.m.•37 views

CVE-2023-46254

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar a...

4.3CVSS4.6AI score0.00233EPSS

CVE•added 2024/08/20 3:15 p.m.•34 views

CVE-2024-39690

Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.

8.8CVSS8.5AI score0.00157EPSS