Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wcDNmLTk4cWctNWc3Nc4AAtU9
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Permalink: https://github.com/advisories/GHSA-pp3f-98qg-5g75JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcDNmLTk4cWctNWc3Nc4AAtU9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Identifiers: GHSA-pp3f-98qg-5g75, CVE-2022-2385
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-2385
- https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472
- https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
- https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/469
- https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9
- https://github.com/kubernetes-sigs/aws-iam-authenticator/commit/029d1dcf2ec8d662d9b1c21260bb197404bc8218
- https://github.com/advisories/GHSA-pp3f-98qg-5g75
Blast Radius: 20.3
Affected Packages
go:sigs.k8s.io/aws-iam-authenticator
Dependent packages: 101Dependent repositories: 321
Downloads:
Affected Version Ranges: < 0.5.9
Fixed in: 0.5.9
All affected versions: 0.1.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.8
All unaffected versions: 0.5.9, 0.5.10, 0.5.11, 0.5.12, 0.5.13, 0.5.14, 0.5.15, 0.5.16, 0.5.17, 0.5.18, 0.5.19, 0.5.20, 0.5.21, 0.5.22, 0.5.23, 0.5.24, 0.5.25, 0.5.26, 0.5.27, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.6.16, 0.6.17, 0.6.18, 0.6.19, 0.6.20, 0.6.21, 0.6.22, 0.6.23, 0.6.24