CVE-2022-2385

Опубликовано: 12 июл. 2022

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

CVSS2: 6

EPSS Низкий

Описание

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

Ссылки

https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472
Issue Tracking
Third Party Advisory
https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
Issue Tracking
Mailing List
Third Party Advisory
https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472
Issue Tracking
Third Party Advisory
https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
Issue Tracking
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kubernetes:aws-iam-authenticator:*:*:*:*:*:kubernetes:*:*

Версия от 0.5.2 (включая) до 0.5.9 (исключая)

EPSS

Процентиль: 54%

0.00313

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-2385

CVSS3: 8.1

redhat

больше 3 лет назад

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

SUSE-SU-2022:2583-1

suse-cvrf

больше 3 лет назад

Security update for aws-iam-authenticator

GHSA-pp3f-98qg-5g75

CVSS3: 8.1

github

больше 3 лет назад

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

EPSS

Процентиль: 54%

0.00313

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo