Lucene search
KubernetesCVELIST:CVE-2022-2385HistoryJul 12, 2022 - 2:25 p.m.
CVE-2022-2385 AccessKeyID validation bypass
2022-07-1214:25:10
CWE-20
kubernetes
www.cve.org
6
cve-2022-2385
accesskeyid
validation bypass
allow-listed
iam identity
privilege escalation
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
37.0%
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
CNA Affected
[
{
"product": "aws-iam-authenticator",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v0.5.2",
"versionType": "custom"
},
{
"lessThan": "v0.5.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
redhatcve
redhatcve
CVE-2022-2385
2022-07-14 08:21:31
osv
osv
veracode
veracode
Privilege Escalation
2022-07-13 09:50:56
openvas
openvas
openSUSE: Security Advisory for aws-iam-authenticator (SUSE-SU-2022:2583-1)
2022-07-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2583-1)
2022-08-01 00:00:00
nvd
nvd
CVE-2022-2385
2022-07-12 19:15:08
prion
prion
Security feature bypass
2022-07-12 19:15:00
nessus
nessus
SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2022:2583-1)
2022-07-30 00:00:00
github
github
cve
cve
CVE-2022-2385
2022-07-12 19:15:08
gitlab
gitlab
suse
suse
Security update for aws-iam-authenticator (important)
2022-07-29 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
37.0%
Related for CVELIST:CVE-2022-2385