CVE-2022-2385

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 in go/sigs.k8s.io/aws-iam-authenticator

Identifiers

GHSA-pp3f-98qg-5g75, CVE-2022-2385

Package Slug

go/sigs.k8s.io/aws-iam-authenticator

Vulnerability

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

Description

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

Affected Versions

All versions before 0.5.9

Solution

Upgrade to version 0.5.9 or above.

Last Modified

2022-07-24

source