CVE-2022-2385

Summary

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

Affected Software

VendorProductVersion RangeStatus
Kubernetesaws-iam-authenticatorv0.5.2 < unspecifiedaffected
Kubernetesaws-iam-authenticatorunspecified < v0.5.9affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Prior to upgrading, this vulnerability can be mitigated by not using the {{AccessKeyID}} template value to construct usernames.

ADP Enrichment

CVE Program Container

Additional References

References