Incorrect Authorization

CVE-2022-46167

High

8.8/10

Summary

Capsule is a multi-tenancy and policy-based framework for Kubernetes. In versions through 0.1.2 and helm-v0.1.0 through helm-v0.1.11, a Service Account deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the "OwnerReference", removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-863 - Incorrect Authorization

Authorization is a security mechanism performed by an application to grant or deny access to the requested resources by verifying the privileges of the user. When an application lacks effective authorization mechanisms, it enables unauthorized users to gain unintended privileges and illegitimate access to resources. Such a vulnerability may result in exposure of sensitive information, denial of service, arbitrary code execution, and complete system takeover.

References

Advisory Timeline

Published Dec 02, 2022

Incorrect Authorization

CVE-2022-46167

Summary

CWE-863 - Incorrect Authorization

References

Advisory Timeline

CodeBashing

DustiLock

CuteBoi