CVE-2022-2385

Sažetak

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

Reference

https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-07-2022 - 17:20

Objavljeno

12-07-2022 - 19:15