CVE-2022-2385 is a vulnerability in Kubernetes Aws Iam Authenticator
Published on July 12, 2022
AccessKeyID validation bypass
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Vulnerability Analysis
CVE-2022-2385 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2022-2385
Want to know whenever a new CVE is published for Kubernetes Aws Iam Authenticator? stack.watch will email you.
Affected Versions
Kubernetes aws-iam-authenticator:- Version v0.5.2 and below unspecified is affected.
- Version unspecified and below v0.5.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.