Twelvemo

#40559 of 53,624
Total CVSS: 6.6
Vulnerabilities: 1
PT-2023-25176
CVSS: 6.6
2023-06-19
Amazon · AWS CDK · CVE-2023-35165
**Name of the Vulnerable Software and Affected Versions**

aws-cdk-lib 2.0.0 and later, before 2.80.0
@aws-cdk/aws-eks 1.57.0 and later, before 1.202.0

**Description**

The issue affects the AWS Cloud Development Kit (AWS CDK), an open-source software development framework. In the affected packages, the `eks.Cluster` and `eks.FargateCluster` constructs create two IAM roles, the `CreationRole` and the default `MastersRole`, with overly permissive trust policies: instead of trusting only the Lambda handler roles that need them, the roles trust the account root principal, so any IAM principal in the same account that is allowed to call `sts:AssumeRole` on them can assume them. The `CreationRole` is used by the construct's Lambda handlers to create the cluster and deploy Kubernetes resources. The default `MastersRole` is created only when the `mastersRole` property is not supplied and has permission to execute `kubectl` commands on the cluster, which amounts to cluster-admin access. Users on CDK 1.62.0 or later (including v2 users) may be affected through the `CreationRole`; users on CDK 1.57.0 or later (including v2 users) may be affected through the default `MastersRole`. The issue is fixed in `@aws-cdk/aws-eks` 1.202.0 and `aws-cdk-lib` 2.80.0, which restrict the trust policy to the specific roles of the Lambda handlers.

**Recommendations**

For aws-cdk-lib, upgrade to 2.80.0 or later; for @aws-cdk/aws-eks, upgrade to 1.202.0 or later. The trust policies of already deployed clusters change only when the stack is deployed again with the fixed version, so redeploy the affected stacks after upgrading.

As a temporary workaround for the default `MastersRole` only, provide a role explicitly through the `mastersRole` property so the default role is not created. The role you pass must itself have a narrow trust policy; pointing at another role that trusts the whole account gains nothing. For example:

```typescript
new eks.Cluster(this, 'Cluster', {
  ...
  mastersRole: iam.Role.fromRoleArn(this, 'Admin', 'arn:aws:iam::xxx:role/Admin'),
});
```

No workaround is given for the `CreationRole`; upgrading is the fix for it.
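To confirm that a synthesized stack no longer carries these trust policies, the check below scans a CloudFormation template (the `cdk.out/<Stack>.template.json` that `cdk synth` writes) for `AWS::IAM::Role` resources whose trust policy names the account root principal, a bare account id or `*`. This is an added example written for this page, not code from the advisory or from the aws-cdk project. The sample template is constructed by hand, its logical IDs are invented, and the `Fn::Join` rendering of the root principal is an assumption about how CDK emits `AccountRootPrincipal`.

```typescript
// Added example for this page (not advisory or aws-cdk project code).
// Finds IAM roles in a synthesized CloudFormation template whose trust policy
// lets the whole account assume them, the over-broad trust described above.

type Json = any;

interface Finding {
  logicalId: string;
  principal: string;
}

// Flatten a CloudFormation string expression to a readable string. Only the
// intrinsics CDK uses for principal ARNs are handled (assumption: Fn::Join,
// Fn::Sub and Ref); anything else becomes a placeholder so it is never
// silently treated as a harmless principal.
function render(expr: Json): string {
  if (typeof expr === "string") return expr;
  if (expr && typeof expr === "object") {
    if (expr["Fn::Join"] !== undefined) {
      const [delimiter, parts] = expr["Fn::Join"] as [string, Json[]];
      return parts.map(render).join(delimiter);
    }
    if (expr["Fn::Sub"] !== undefined) {
      const sub = expr["Fn::Sub"];
      return typeof sub === "string" ? sub : render(sub[0]);
    }
    if (expr["Ref"] !== undefined) return "${" + expr["Ref"] + "}";
  }
  return "<unresolved-intrinsic>";
}

// arn:<partition>:iam::<account>:root, a bare 12-digit account id (IAM treats
// it as the same root principal) and "*" all admit far more than the handler
// roles; a specific role ARN does not match.
function isOverlyPermissive(principal: string): boolean {
  return (
    principal === "*" ||
    /^\d{12}$/.test(principal) ||
    /^arn:.+:iam::.+:root$/.test(principal)
  );
}

// Principals under the "AWS" key of one statement, rendered to strings.
function awsPrincipals(statement: Json): string[] {
  const p = statement?.Principal;
  if (p === "*") return ["*"];
  if (!p || typeof p !== "object" || p.AWS === undefined) return [];
  const list: Json[] = Array.isArray(p.AWS) ? p.AWS : [p.AWS];
  return list.map(render);
}

// Walk every AWS::IAM::Role and report Allow statements with a broad trust.
// For a real stack: findAccountRootTrusts(JSON.parse(
//   require("fs").readFileSync("cdk.out/MyStack.template.json", "utf8")))
function findAccountRootTrusts(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources: Record<string, Json> = template?.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res?.Type !== "AWS::IAM::Role") continue;
    const raw = res.Properties?.AssumeRolePolicyDocument?.Statement;
    const statements: Json[] = Array.isArray(raw) ? raw : raw ? [raw] : [];
    for (const stmt of statements) {
      if (stmt?.Effect !== "Allow") continue;
      for (const principal of awsPrincipals(stmt)) {
        if (isOverlyPermissive(principal)) findings.push({ logicalId, principal });
      }
    }
  }
  return findings;
}

// Constructed sample (not real cdk synth output; logical IDs are invented).
// The first role trusts the account root the way CDK is assumed to render
// AccountRootPrincipal; the other two show the narrow trusts the fix uses.
const sampleTemplate: Json = {
  Resources: {
    ClusterCreationRole: {
      Type: "AWS::IAM::Role",
      Properties: {
        AssumeRolePolicyDocument: {
          Version: "2012-10-17",
          Statement: [{
            Effect: "Allow",
            Action: "sts:AssumeRole",
            Principal: { AWS: { "Fn::Join": ["", ["arn:", { Ref: "AWS::Partition" },
              ":iam::", { Ref: "AWS::AccountId" }, ":root"]] } },
          }],
        },
      },
    },
    ClusterMastersRole: {
      Type: "AWS::IAM::Role",
      Properties: {
        AssumeRolePolicyDocument: {
          Version: "2012-10-17",
          Statement: [{ Effect: "Allow", Action: "sts:AssumeRole",
            Principal: { AWS: "arn:aws:iam::123456789012:role/Admin" } }],
        },
      },
    },
    KubectlHandlerRole: {
      Type: "AWS::IAM::Role",
      Properties: {
        AssumeRolePolicyDocument: {
          Version: "2012-10-17",
          Statement: [{ Effect: "Allow", Action: "sts:AssumeRole",
            Principal: { Service: "lambda.amazonaws.com" } }],
        },
      },
    },
  },
};

for (const f of findAccountRootTrusts(sampleTemplate)) {
  console.log(`${f.logicalId}: trust policy admits ${f.principal}`);
}
```

Run against the sample, only `ClusterCreationRole` is reported. The same `awsPrincipals` and `isOverlyPermissive` checks apply to the `AssumeRolePolicyDocument` that `aws iam get-role` returns for a role that is already deployed, which is the place to look if a stack was last deployed with a vulnerable version and has not been redeployed since.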