Vulnerabilities > CVE-2022-23652 - Unspecified vulnerability in Clastix Capsule-Proxy
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
References
- https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8
- https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8
- https://github.com/clastix/capsule-proxy/issues/188
- https://github.com/clastix/capsule-proxy/issues/188
- https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm
- https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm