You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Privilege escalation using hop-by-hop Connection header
High
prometherion
published
GHSA-9cwv-cppx-mqjmFeb 20, 2022
Package
No package listed
Affected versions
<= v0.2.0
Patched versions
None
Description
Impact
Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy.
enj Analyst
Impact
Using a malicious
Connectionheader, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit thecluster-adminRole bound tocapsule-proxy.Patches
Patch has been merged in the v0.2.1 release.
Workarounds
Upgrading is mandatory.