CVE-2022-46167

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-46167
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46167.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46167
Aliases
Published
2022-12-02T18:22:21.817Z
Modified
2026-03-11T00:31:03.886809Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
Details

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operator and removing all the enforcement like Pod Security annotations, Network Policies, Limit Range and Resource Quota items. An attacker could detach the Namespace from a Tenant that is forbidding starting privileged Pods using the Pod Security labels by removing the OwnerReference, removing the enforcement labels, and being able to start privileged containers that would be able to start a generic Kubernetes privilege escalation. Patches have been released for version 0.1.3. No known workarounds are available.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46167.json"
}
References

Affected packages

Git / github.com/clastix/capsule

Affected ranges

Type
GIT
Repo
https://github.com/clastix/capsule
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
eba072c88dfcff9348d870d03b74ad3737a528b1

Affected versions

0.*
0.0.1
0.2.0-rc1
helm-v0.*
helm-v0.1.0
helm-v0.1.1
helm-v0.1.10
helm-v0.1.11
helm-v0.1.2
helm-v0.1.3
helm-v0.1.4
helm-v0.1.6
helm-v0.1.7
helm-v0.1.8
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.5-rc1
v0.0.5-rc2
v0.1.0
v0.1.0-rc1
v0.1.0-rc2
v0.1.0-rc3
v0.1.0-rc4
v0.1.0-rc5
v0.1.0-rc6
v0.1.1
v0.1.1-rc0
v0.1.1-rc1
v0.1.2
v0.1.2-rc0
v0.1.2-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46167.json"

Git / github.com/projectcapsule/capsule

Affected ranges

Type
Repo
https://github.com/projectcapsule/capsule
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1df430e71be8c4778c82eca3459978ad7d0b4b7b
Fixed
75525ac19254b0c5111e34d7985e2be7bc8b1ac1
Fixed
eba072c88dfcff9348d870d03b74ad3737a528b1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46167.json"