CVE-2022-23652

EUVD-2022-0936
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_MCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
clastixcapsule-proxy
𝑥
< 0.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8
https://github.com/clastix/capsule-proxy/issues/188
https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm
https://github.com/clastix/capsule-proxy/commit/efe91f68ebf8a9e3d21491dc57da7b8a746415d8
https://github.com/clastix/capsule-proxy/issues/188
https://github.com/clastix/capsule-proxy/security/advisories/GHSA-9cwv-cppx-mqjm