Authentication bypass using an empty token in capsule-proxy

capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

认证机制不恰当

capsule-proxy 授权问题漏洞

capsule-proxy是允许克服 Kubernetes API Server 在列出拥有的集群范围资源方面的限制，例如 Namespace、Ingress 和 Storage Classes、Nodes 以及 Capsule 涵盖的其他资源。 capsule-proxy 0.4.5及之前版本存在授权问题漏洞，该漏洞源于允许攻击者绕过令牌审查机制，与上层Kubernete API Server交互并进行权限提升。

N/A

N/A