Lucene search

GitHub_MCVELIST:CVE-2022-23652

HistoryFeb 22, 2022 - 7:55 p.m.

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

2022-02-2219:55:11

CWE-287

GitHub_M

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the cluster-admin Role bound to capsule-proxy. There are no known workarounds for this issue.

CNA Affected

[
  {
    "product": "capsule-proxy",
    "vendor": "clastix",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.2.1"
      }
    ]
  }
]

References

github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8

github.com/clastix/capsule-proxy/issues/188

github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVELIST:CVE-2022-23652