High severityNVD Advisory· Published Aug 20, 2024· Updated Aug 14, 2025
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
CVE-2024-39690
Description
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/projectcapsule/capsuleGo | < 0.7.1 | 0.7.1 |
Affected products
2- Range: <= 0.7.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-mq69-4j5w-3qwpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39690ghsaADVISORY
- github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584ghsax_refsource_MISCWEB
- github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwpghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.