3.9
CVE-2026-30963
- EPSS 0.2%
- Veröffentlicht 01.06.2026 18:00:43
- Zuletzt bearbeitet 03.06.2026 20:22:11
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Capsule Namespace Hijacking via subresource
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a namespace, including the metadata field. Prior to version 0.13.0, the webhook does not define interception rules for these subresources. As a result, if a tenant administrator has permission to modify namespace/status or namespace/finalize, they can successfully perform namespace hijacking. Version 0.13.0 fixes the issue. Another mitigation is to add two subresources (namespaces and snamespaces/status with namespace/finalize within it) to the resources list in the ValidatingWebhookConfiguration rules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Projectcapsule ≫ Capsule Version < 0.13.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.101 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
| security-advisories@github.com | 3.9 | 0.5 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/projectcapsule/capsule/releases/tag/v0.13.0
https://github.com/projectcapsule/capsule/security/advisories/GHSA-2ww6-hf35-mfjm