Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:17 p.m.6 views

CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS7AI score0.01375EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/02/22 7:55 p.m.26 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS9.1AI score0.01375EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/02/22 7:55 p.m.6 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS8.9AI score0.01375EPSS
Exploits1References3
CVE
CVE
added 2022/02/22 7:55 p.m.734 views

CVE-2022-23652

Capsule-proxy (the reverse proxy for Capsule Operator) is affected. In versions prior to 0.2.1, an attacker with proper authentication can send a malicious Connection header to escalate privileges toward the Kubernetes API Server, exploiting the cluster-admin role bound to capsule-proxy. Multiple...

8.8CVSS8.8AI score0.01375EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/22 7:55 p.m.21 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS8.7AI score0.01375EPSS
Exploits1References5
Rows per page
Query Builder