Veracode Vulnerability Database: VERACODE:48505
History: Aug 21, 2024 - 9:16 a.m.

Incorrect Authorization

2024-08-21 09:16:21
sca.analysiscenter.veracode.com
github
projectcapsule
capsule
vulnerability
incorrect authorization
arbitrary namespace
ownerreference
attacker
control

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 20.0%

github.com/projectcapsule/capsule is vulnerable to Incorrect Authorization. The vulnerability exists because a tenant owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field). This can lead to an attacker gaining control of that namespace.
