Skip to main content

Incorrect Authorization


Severity High
Score 8.8/10


Capsule is a multi-tenancy and policy-based framework for Kubernetes. In versions through 0.1.2, helm-v0.1.0 through helm-v0.1.11, and 0.2.0-rc1, a Service Account deployed in a Tenant Namespace, when granted with `PATCH` capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the "OwnerReference", removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-863 - Incorrect Authorization

Authorization is a security mechanism performed by an application to grant or deny access to the requested resources by verifying the privileges of the user. When an application lacks effective authorization mechanisms, it enables unauthorized users to gain unintended privileges and illegitimate access to resources. Such a vulnerability may result in exposure of sensitive information, denial of service, arbitrary code execution, and complete system takeover.

Advisory Timeline

  • Published