VYPR

Capsule

by Projectcms

Source repositories

CVEs (6)

  • CVE-2026-22872CriJun 1, 2026
    risk 0.52cvss 9.1epss 0.00

    Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version…

  • CVE-2025-55205CriAug 18, 2025
    risk 0.52cvss 9.0epss 0.00

    Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing…

  • CVE-2026-30963LowJun 1, 2026
    risk 0.18cvss 3.9epss 0.00

    Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the…

  • CVE-2024-39690Aug 20, 2024
    risk 0.00cvss epss 0.01

    Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that…

  • CVE-2023-48312Nov 24, 2023
    risk 0.00cvss epss 0.01

    capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the…

  • CVE-2023-46254Nov 6, 2023
    risk 0.00cvss epss 0.00

    capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example…