Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Vulnerability Description
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Capsule 安全漏洞
Vulnerability Description
Capsule是Project Capsule开源的一个 Kubernetes 的多租户和基于策略的框架。 Capsule 0.10.3及之前版本存在安全漏洞,该漏洞源于命名空间标签注入漏洞,可能导致权限提升和跨租户资源访问。
CVSS Information
N/A
Vulnerability Type
N/A