Source |
CVE Liste |
Identifier |
4168561 |
Publication date |
2022-02-22 20:15:07 (seen: 2022-02-22 22:06:05) |
Title |
CVE-2022-23652 |
Text |
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue. |
Notes |
|
Sent |
Yes |
Tags |
Vulnerability
|
Stories |
Uber
|