Lucene search
GoogleOSV:CVE-2022-23652HistoryFeb 22, 2022 - 8:15 p.m.
CVE-2022-23652
2022-02-2220:15:07
Google
osv.dev
3
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the cluster-admin Role bound to capsule-proxy. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| capsule-proxy | eq | 0.0.5 | |
| capsule-proxy | eq | 0.0.4 | |
| capsule-proxy | eq | 0.0.3 | |
| capsule-proxy | eq | 0.1.1 | |
| capsule-proxy | eq | 0.2.0 | |
| capsule-proxy | eq | 0.0.2 | |
| capsule-proxy | eq | 0.1.0 | |
| capsule-proxy | eq | 0.0.1 |
Related
cve
cve
CVE-2022-23652
2022-02-22 20:15:07
cvelist
cvelist
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
2022-02-22 19:55:11
veracode
veracode
Privilege Escalation
2022-02-28 07:59:46
osv
osv
Improper Authentication in Capsule Proxy
2022-02-23 21:17:25
prion
prion
Design/Logic Flaw
2022-02-22 20:15:00
nvd
nvd
CVE-2022-23652
2022-02-22 20:15:07
github
github
Improper Authentication in Capsule Proxy
2022-02-23 21:17:25