CVE-2022-2385: AccessKeyID validation bypass
First published: Tue Jul 12 2022(Updated: )
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Credit: jordan@liggitt.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kubernetes Aws-iam-authenticator | >=0.5.2<0.5.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2385?
The severity of CVE-2022-2385 is high.
What is the description of CVE-2022-2385?
CVE-2022-2385 is a security issue in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Which software is affected by CVE-2022-2385?
Kubernetes Aws-iam-authenticator versions 0.5.2 to 0.5.9 are affected by CVE-2022-2385.
How can an IAM identity modify their username and escalate privileges in CVE-2022-2385?
An allow-listed IAM identity can modify their username and escalate privileges in CVE-2022-2385.
Where can I find more information about CVE-2022-2385?
You can find more information about CVE-2022-2385 on the GitHub issue and Google Groups discussion linked in the references.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/title
- agent/severity
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/kubernetes
- canonical/kubernetes aws-iam-authenticator
- version/kubernetes aws-iam-authenticator/0.5.2