Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication bypass using an empty token in capsule-proxy
Vulnerability Description
capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
capsule-proxy 授权问题漏洞
Vulnerability Description
capsule-proxy是允许克服 Kubernetes API Server 在列出拥有的集群范围资源方面的限制,例如 Namespace、Ingress 和 Storage Classes、Nodes 以及 Capsule 涵盖的其他资源。 capsule-proxy 0.4.5及之前版本存在授权问题漏洞,该漏洞源于允许攻击者绕过令牌审查机制,与上层Kubernete API Server交互并进行权限提升。
CVSS Information
N/A
Vulnerability Type
N/A