CVE-2022-2385: aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
References
- github.com/advisories/GHSA-pp3f-98qg-5g75
- github.com/kubernetes-sigs/aws-iam-authenticator/issues/472
- github.com/kubernetes-sigs/aws-iam-authenticator/pull/469
- github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9
- groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
- nvd.nist.gov/vuln/detail/CVE-2022-2385
Detect and mitigate CVE-2022-2385 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.