3 matches found
CVE-2022-23652
Capsule-proxy (the reverse proxy for Capsule Operator) is affected. In versions prior to 0.2.1, an attacker with proper authentication can send a malicious Connection header to escalate privileges toward the Kubernetes API Server, exploiting the cluster-admin role bound to capsule-proxy. Multiple...
CVE-2023-46254
Capsule-proxy (Capsule Kubernetes multi-tenancy) contains a bug in the RoleBinding reflector that allows ServiceAccount tenants to list Namespaces owned by other tenants when two tenants share the same ServiceAccount name in different namespaces, under specific conditions (capsule-proxy running w...
CVE-2023-48312
CVE-2023-48312 affects capsule-proxy (capsule operator project). A privilege-escalation vulnerability arises from a missing check on user authentication based on TokenReview, enabling bypass of the token review mechanism on Kubernetes API servers where anonymous-auth is disabled. Impact: unauthor...