github.com/projectcapsule/capsule
Go6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/projectcapsule/capsulepage 1 of 1
- CVE-2023-46254MEDIUMCVSS 4.3EG 4.3✓ Fixed in 0.4.52023-11-06
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same…
- CVE-2024-39690HIGHCVSS 8.4EG 8.42024-08-20
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference f…
- CVE-2025-55205CRITICALCVSS 9.0EG 9.0✓ Fixed in 0.10.42025-08-18
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system…
- CVE-2026-22872CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.13.02026-05-28
Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for clu…
- CVE-2026-30963LOWCVSS 2.7EG 2.7✓ Fixed in 0.13.02026-05-28
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. Ho…
- CVE-2026-55636MEDIUMCVSS 5.7EG 5.7✓ Fixed in 0.13.62026-06-17
Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected ### Summary Capsule v0.13.2 webhook rules contain `namespace/finalize` (singular) instead of `namespaces/finalize` (plural). K8s requir…
Check whether github.com/projectcapsule/capsule is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/projectcapsule/capsule CVEs against the assets you own.
Start Free Scan →