kyma is an open source platform for scaling applications using microservices and serverless functionality. kyma suffers from an elevation-of-privilege vulnerability that stems from a networked system or product that does not properly authenticate incoming data. An authenticated attacker could exploit the vulnerability to pass the Header of their choice and escalate privileges that could compromise the cluster entirely.