CVE-2022-23551
CVE-2022-23551 concerns AAD Pod Identity: the NMI component could bypass validation for token requests containing a backslash (example /metadata/identity\oauth2\token/), potentially enabling a pod to access identities it should not have. The bug arises from NMI’s regex-based validation and is add...