CVE-2024-39690 (GCVE-0-2024-39690)
Vulnerability from cvelistv5
Published: 2024-08-20 14:33
Modified: 2025-08-14 13:32
CWE
- CWE-863 - Incorrect Authorization
Summary
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch.
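References
- https://github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwp
- https://github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584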
Impacted products
Vendor | Product | Version
---|---|---
projectcapsule | capsule | <= 0.7.0
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.