High severityNVD Advisory· Published Jul 12, 2022· Updated Sep 16, 2024
AccessKeyID validation bypass
CVE-2022-2385
Description
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sigs.k8s.io/aws-iam-authenticatorGo | < 0.5.9 | 0.5.9 |
Affected products
9- ghsa-coords8 versionspkg:golang/sigs.k8s.io/aws-iam-authenticatorpkg:rpm/opensuse/aws-iam-authenticator&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/aws-iam-authenticator&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/aws-iam-authenticator&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/aws-iam-authenticator&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/aws-iam-authenticator&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/aws-iam-authenticator&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/aws-iam-authenticator&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
< 0.5.9+ 7 more
- (no CPE)range: < 0.5.9
- (no CPE)range: < 0.5.3-150000.1.9.1
- (no CPE)range: < 0.5.3-150000.1.9.1
- (no CPE)range: < 0.5.3-150000.1.9.1
- (no CPE)range: < 0.5.3-150000.1.9.1
- (no CPE)range: < 0.5.3-150000.1.9.1
- (no CPE)range: < 0.5.3-150000.1.9.1
- (no CPE)range: < 0.5.3-150000.1.9.1
- Kubernetes/aws-iam-authenticatorv5Range: v0.5.2
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-pp3f-98qg-5g75ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-2385ghsaADVISORY
- github.com/kubernetes-sigs/aws-iam-authenticator/commit/029d1dcf2ec8d662d9b1c21260bb197404bc8218ghsaWEB
- github.com/kubernetes-sigs/aws-iam-authenticator/issues/472ghsax_refsource_MISCWEB
- github.com/kubernetes-sigs/aws-iam-authenticator/pull/469ghsaWEB
- github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9ghsaWEB
- groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYsghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.