CVE-2025-55205 Information

Aug 19, 2025 cve

Description

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system default capsule-system) bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource selectors. This vulnerability enables privilege escalation and violates the fundamental security boundaries that Capsule is designed to enforce. This vulnerability is fixed in 0.10.4.

Reference

https://github.com/projectcapsule/capsule/commit/e1f47feade6e1695b2204407607d07c3b3994f6e https://github.com/projectcapsule/capsule/security/advisories/GHSA-fcpm-6mxq-m5vv

CNNVD-202508-2031 (Published: 2025-08-18)

Share on:

CVE-2025-55205 Information

Description

Reference

Related CNNVD