Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.
[
{
"product": "Kyma",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "<1.24.7"
}
]
}
]