capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection
header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the cluster-admin
Role bound to capsule-proxy
. There are no known workarounds for this issue.
CPE | Name | Operator | Version |
---|---|---|---|
capsule-proxy | eq | 0.0.5 | |
capsule-proxy | eq | 0.0.4 | |
capsule-proxy | eq | 0.0.3 | |
capsule-proxy | eq | 0.1.1 | |
capsule-proxy | eq | 0.2.0 | |
capsule-proxy | eq | 0.0.2 | |
capsule-proxy | eq | 0.1.0 | |
capsule-proxy | eq | 0.0.1 |