Browse all 4 CVE security advisories affecting projectcapsule. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Projectcapsule is a data management solution designed for secure document storage and sharing. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with four CVEs documented to date. The application's security posture has been characterized by input validation weaknesses and insufficient access controls, though no major public security incidents have been reported. Its core functionality centers on providing encrypted file handling with version control capabilities, making it suitable for organizations requiring confidential document management. The identified vulnerabilities typically stem from improper sanitization of user inputs and misconfigured authentication mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55205 | Capsule tenant owners with "patch namespace" permission can hijack system namespaces label — capsuleCWE-863 | 9.1 | Critical | 2025-08-18 |
| CVE-2024-39690 | Capsule tenant owner with "patch namespace" permission can hijack system namespaces — capsuleCWE-863 | 8.5 | High | 2024-08-20 |
| CVE-2023-48312 | Authentication bypass using an empty token in capsule-proxy — capsule-proxyCWE-287 | 9.8 | Critical | 2023-11-24 |
| CVE-2023-46254 | Service accounts can see namespaces of other tenants in capsule-proxy — capsule-proxyCWE-200 | 4.3 | Medium | 2023-11-06 |
This page lists every published CVE security advisory associated with projectcapsule. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.