CVE-2023-48312

capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823	Patch
https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp	Exploit Vendor Advisory
https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823	Patch
https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:clastix:capsule-proxy:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-24 18:15

Updated : 2024-11-21 08:31

NVD link : CVE-2023-48312

Mitre link : CVE-2023-48312

CVE.ORG link : CVE-2023-48312

JSON object : View

Products Affected

clastix

capsule-proxy

CWE

CWE-287

Improper Authentication

{"id": "CVE-2023-48312", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-24T18:15:07.127", "references": [{"url": "https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/projectcapsule/capsule-proxy/commit/472404f7006a4152e4eec76dee07324dd1e6e823", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade."}, {"lang": "es", "value": "Capsule-proxy es un proxy inverso para el proyecto del operador de c\u00e1psulas. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de escalada de privilegios que se basa en una verificaci\u00f3n faltante si el usuario est\u00e1 autenticado seg\u00fan el resultado de \"TokenReview\". Todos los cl\u00fasteres que se ejecutan con la configuraci\u00f3n del servidor API de Kubernetes `anonymous-auth` deshabilitada (establecida en `false`) se ven afectados ya que ser\u00eda posible omitir el mecanismo de revisi\u00f3n de tokens, interactuando con el servidor API de Kubernetes superior. Esta escalada de privilegios no se puede aprovechar si conf\u00eda \u00fanicamente en certificados de cliente (SSL/TLS). Esta vulnerabilidad se ha solucionado en la versi\u00f3n 0.4.6. Se recomienda a los usuarios que actualicen."}], "lastModified": "2024-11-21T08:31:28.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clastix:capsule-proxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9337A5E5-9358-466F-9BEF-D1EE51DD5A18", "versionEndIncluding": "0.4.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}