CVE-2022-23652

by Fred · 22/02/2022

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.

Date published : 2022-02-22

https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm

https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8

CVE-2022-23652

Similar

Recent Posts

Categories

CVE-2022-23652

Share this:

Similar

Recent Posts

Categories

Tags