Prometherion

**Name of the Vulnerable Software and Affected Versions** capsule-proxy versions prior to 0.2.1 **Description** The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API Server, potentially exploiting the `cluster-admin` Role bound to `capsule-proxy`. There are no known workarounds for this issue. **Recommendations** For versions prior to 0.2.1, upgrade to version 0.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `capsule-proxy` to minimize the risk of exploitation. Avoid using malicious `Connection` headers in the affected API endpoint until the issue is resolved.