VDB
CVE-2022-2385
CVE-2022-2385
PUBLISHED
CVSS 8.100000381469727 HIGH
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
EPSS 0.31% · 54.8th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.31%
54.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | aws-iam-authenticator | v0.5.2, unspecified |
| kubernetes | aws-iam-authenticator | 0.5.2 |
| sigs.k8s.io | aws-iam-authenticator | 0 |
Timeline
- Jul 12, 2022 CVE Published
- Jul 13, 2022 EPSS Score
- Aug 30, 2022 EPSS Score
- Oct 16, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
- Jan 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Sep 11, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
References
- https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472 url
- https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs url
- https://nvd.nist.gov/vuln/detail/CVE-2022-2385 advisory
- https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/469 url
- https://github.com/kubernetes-sigs/aws-iam-authenticator/commit/029d1dcf2ec8d662d9b1c21260bb197404bc8218 url
- https://github.com/kubernetes-sigs/aws-iam-authenticator package
- https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9 url