Improper Authentication in Capsule Proxy

GHSA-9cwv-cppx-mqjm · CVE-2022-23652 · GO-2022-0329

Published Feb 23, 2022 · Modified Aug 21, 2024

Description

Impact

Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy.

Patches

Patch has been merged in the v0.2.1 release.

Workarounds

Upgrading is mandatory.

References

WEB https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-23652
WEB https://github.com/clastix/capsule-proxy/issues/188
WEB https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8
WEB https://github.com/clastix/capsule-proxy

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes