CVE-2022-46167

CVSS V2 None CVSS V3 None

Description

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available.

Overview

CVE ID
CVE-2022-46167

Assigner
security-advisories@github.com

Vulnerability Status
Analyzed

Published Version
2022-12-02T19:15:11.097

Last Modified Date
2022-12-06T12:31:48.240

Weakness Enumerations

CWE	URL
CWE-863	http://cwe.mitre.org/data/definitions/863.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:clastix:capsule::::::::	1	OR		0.1.3

References

Reference URL	Reference Tags
https://github.com/clastix/capsule/commit/1df430e71be8c4778c82eca3459978ad7d0b4b7b	Patch Third Party Advisory
https://github.com/clastix/capsule/commit/75525ac19254b0c5111e34d7985e2be7bc8b1ac1	Patch Third Party Advisory
https://github.com/clastix/capsule/releases/tag/v0.1.3	Patch Release Notes Third Party Advisory
https://github.com/clastix/capsule/security/advisories/GHSA-x45c-cvp8-q4fm	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-46167
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46167

History

Created	Old Value	New Value	Data Type	Notes
2022-12-07 18:06:02				Added to TrackCVE