OpenCVE

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kubernetes	Aws-iam-authenticator

Configuration 1 [-]

cpe:2.3:a:kubernetes:aws-iam-authenticator:*:*:*:*:*:kubernetes:*:*

No data.

References

Link	Providers
https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472
https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
https://nvd.nist.gov/vuln/detail/CVE-2022-2385
https://www.cve.org/CVERecord?id=CVE-2022-2385

History

No history.

MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2022-07-12T14:25:10.421681Z

Updated: 2024-09-16T22:25:39.286Z

Reserved: 2022-07-11T00:00:00

Link: CVE-2022-2385

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-12T19:15:08.487

Modified: 2022-07-19T17:20:35.583

Link: CVE-2022-2385

Redhat

Severity : Important

Publid Date: 2022-07-11T00:00:00Z

Links: CVE-2022-2385 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "aws-iam-authenticator", "vendor": "Kubernetes", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "v0.5.2", "versionType": "custom"}, {"lessThan": "v0.5.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Gafnit Amiga"}], "datePublic": "2022-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T14:25:10", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs"}], "source": {"defect": ["https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472"], "discovery": "EXTERNAL"}, "title": "AccessKeyID validation bypass", "workarounds": [{"lang": "en", "value": "Prior to upgrading, this vulnerability can be mitigated by not using the {{AccessKeyID}} template value to construct usernames."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2022-07-11T16:00:00.000Z", "ID": "CVE-2022-2385", "STATE": "PUBLIC", "TITLE": "AccessKeyID validation bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "aws-iam-authenticator", "version": {"version_data": [{"version_affected": ">=", "version_value": "v0.5.2"}, {"version_affected": "<", "version_value": "v0.5.9"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Gafnit Amiga"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472", "refsource": "MISC", "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472"}, {"name": "https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs", "refsource": "MISC", "url": "https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs"}]}, "source": {"defect": ["https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Prior to upgrading, this vulnerability can be mitigated by not using the {{AccessKeyID}} template value to construct usernames."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:06.995Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2022-2385", "datePublished": "2022-07-12T14:25:10.421681Z", "dateReserved": "2022-07-11T00:00:00", "dateUpdated": "2024-09-16T22:25:39.286Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:aws-iam-authenticator:*:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "61C7DCDF-228A-41D4-9336-B6E757616B72", "versionEndExcluding": "0.5.9", "versionStartIncluding": "0.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges."}, {"lang": "es", "value": "Se ha detectado un problema de seguridad en aws-iam-authenticator donde una identidad IAM permitida puede ser capaz de modificar su nombre de usuario y escalar privilegios"}], "id": "CVE-2022-2385", "lastModified": "2022-07-19T17:20:35.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2022-07-12T19:15:08.487", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472"}, {"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}