Go modules package
github.com/projectcapsule/capsule
pkg:golang/github.com/projectcapsule/capsule
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-55636 | — | >= 0.13.0, < 0.13.6 | 0.13.6 | Jun 17, 2026 | ### Summary Capsule v0.13.2 webhook rules contain `namespace/finalize` (singular) instead of `namespaces/finalize` (plural). K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent. ### Details PUT to `/api/v1/namespaces//finalize` has resource=namespaces | ||
| CVE-2025-55205 | Cri | 9.0 | < 0.10.4 | 0.10.4 | Aug 18, 2025 | Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing mul | |
| CVE-2024-39690 | — | < 0.7.1 | 0.7.1 | Aug 20, 2024 | Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that na | ||
| CVE-2023-46254 | — | < 0.4.5 | 0.4.5 | Nov 6, 2023 | capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example conside |
- CVE-2026-55636Jun 17, 2026affected >= 0.13.0, < 0.13.6fixed 0.13.6
### Summary Capsule v0.13.2 webhook rules contain `namespace/finalize` (singular) instead of `namespaces/finalize` (plural). K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent. ### Details PUT to `/api/v1/namespaces//finalize` has resource=namespaces
- affected < 0.10.4fixed 0.10.4
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing mul
- CVE-2024-39690Aug 20, 2024affected < 0.7.1fixed 0.7.1
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that na
- CVE-2023-46254Nov 6, 2023affected < 0.4.5fixed 0.4.5
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example conside