capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server. This vulnerability allows for an exploit of the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/clastix/capsule-proxy(Go) | 0 | 0.2.1 | N/A |
CVSS Metrics
