proxy package, versions <1.24.7

Attack Complexity

Low
Confidentiality

High
Integrity

High
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-GOLANG-GITHUBCOMKYMAPROJECTKYMACOMPONENTSAPISERVERPROXYINTERNALPROXY-2320179
published

15 Dec 2021
disclosed

15 Dec 2021
credit

Kaktusowy500

Report a new vulnerability Found a mistake?

Introduced: 15 Dec 2021

CVE-2021-38182 Open this link in a new tab CWE-20 Open this link in a new tab

How to fix?

Upgrade github.com/kyma-project/kyma/components/apiserver-proxy/internal/proxy to version 1.24.7 or higher.

Overview

github.com/kyma-project/kyma/components/apiserver-proxy/internal/proxy is a core component that uses JWT authentication to secure access to the Kubernetes API server. It is based on the kube-rbac-proxy project. This Helm chart outlines the component's installation.

Affected versions of this package are vulnerable to Improper Input Validation. Authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.

Improper Input Validation Affecting github.com/kyma-project/kyma/components/apiserver-proxy/internal/proxy package, versions <1.24.7

Attack Complexity

Confidentiality

Integrity

Availability

snyk-id

published

disclosed

credit

Introduced: 15 Dec 2021

How to fix?

Overview

References