Описание
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
A flaw was found in aws-iam-authenticator. This issue occurs when an allow-listed IAM identity may be able to modify their username and escalate privileges.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift4/ose-hypershift-rhel9 | Affected |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2107036aws-iam-authenticator: AccessKeyID validation bypass
8.1 High
CVSS3
Связанные уязвимости
CVSS3: 8.1
nvd
больше 3 лет назад
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
CVSS3: 8.1
github
больше 3 лет назад
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
8.1 High
CVSS3