漏洞标题
使用胶囊代理中的空令牌绕过身份验证
漏洞描述信息
使用空令牌绕过胶囊代理的身份验证
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
认证机制不恰当
漏洞标题
Authentication bypass using an empty token in capsule-proxy
漏洞描述信息
capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
认证机制不恰当
漏洞标题
capsule-proxy 授权问题漏洞
漏洞描述信息
capsule-proxy是允许克服 Kubernetes API Server 在列出拥有的集群范围资源方面的限制,例如 Namespace、Ingress 和 Storage Classes、Nodes 以及 Capsule 涵盖的其他资源。 capsule-proxy 0.4.5及之前版本存在授权问题漏洞,该漏洞源于允许攻击者绕过令牌审查机制,与上层Kubernete API Server交互并进行权限提升。
CVSS信息
N/A
漏洞类别
授权问题