CVE-2023-46254
Summary
A bug in the RoleBinding reflector of capsule-proxy allowed ServiceAccount tenant owners to list Namespaces of other tenants under specific conditions, which could lead to data exfiltration. The issue occurs when capsule-proxy has caching enabled and tenant owners are ServiceAccounts with identical names in different Namespaces. The vulnerability is fixed in version 0.4.5.
IFF Assessment
This vulnerability allows for unauthorized listing of tenant namespaces, which could aid attackers in reconnaissance and potential data exfiltration.
Severity
Defender Context
Defenders should prioritize patching or updating capsule-proxy to version 0.4.5 or later to mitigate this namespace listing vulnerability. Organizations using multi-tenant Kubernetes environments with Capsule should review their RBAC configurations and monitor for any unauthorized attempts to list namespaces.
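As part of the RBAC review, one way to check whether a cluster meets the precondition named in the summary (ServiceAccount tenant owners with identical names in different Namespaces). This is an added example, not code from the advisory or from the Capsule project. It assumes Tenant owners of kind ServiceAccount are named in the `system:serviceaccount:<namespace>:<name>` form and that input is shaped like `kubectl get tenants -o json`; the sample data and the function name are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like `kubectl get tenants -o json` output (assumption).
SAMPLE_TENANTS = json.loads("""
{"items": [
  {"metadata": {"name": "oil"},
   "spec": {"owners": [{"kind": "ServiceAccount",
                        "name": "system:serviceaccount:oil-system:deployer"}]}},
  {"metadata": {"name": "gas"},
   "spec": {"owners": [{"kind": "ServiceAccount",
                        "name": "system:serviceaccount:gas-system:deployer"},
                       {"kind": "User", "name": "deployer"}]}},
  {"metadata": {"name": "water"},
   "spec": {"owners": [{"kind": "ServiceAccount",
                        "name": "system:serviceaccount:water-system:ci"}]}}
]}
""")

SA_PREFIX = "system:serviceaccount:"

def colliding_sa_owners(tenant_list):
    """Return {short_name: sorted [(namespace, tenant), ...]} for ServiceAccount
    owners whose short name is used in more than one namespace."""
    seen = defaultdict(set)
    for tenant in tenant_list.get("items", []):
        tenant_name = tenant.get("metadata", {}).get("name", "<unnamed>")
        for owner in tenant.get("spec", {}).get("owners") or []:
            name = owner.get("name", "")
            if owner.get("kind") != "ServiceAccount" or not name.startswith(SA_PREFIX):
                continue  # Users and Groups are outside the condition described
            parts = name[len(SA_PREFIX):].split(":")
            if len(parts) != 2 or not all(parts):
                continue  # malformed subject name; nothing to compare
            namespace, short = parts
            seen[short].add((namespace, tenant_name))
    # A collision needs the same short name in at least two distinct namespaces.
    return {short: sorted(refs) for short, refs in seen.items()
            if len({ns for ns, _ in refs}) > 1}

if __name__ == "__main__":
    for short, refs in colliding_sa_owners(SAMPLE_TENANTS).items():
        print(f"ServiceAccount name '{short}' owns tenants from several namespaces:")
        for ns, tenant in refs:
            print(f"  {ns}/{short} -> tenant {tenant}")
```

An empty result means no tenant owners match the described condition; updating to 0.4.5 or later remains the fix either way.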