Improper authorization control for web services in github.com/clastix/capsule-proxy

Description

Improper Authentication in Capsule Proxy

Impact

Using a malicious Connection header, an attacker who has authenticated through a proper authentication mechanism could escalate privileges against the Kubernetes API Server by exploiting the cluster-admin Role bound to capsule-proxy.

Patches

Patch has been merged in the v0.2.1 release.

Workarounds

Upgrading is mandatory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
