CVE-2022-2385

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions aws-iam-authenticator versions prior to 0.5.9

Description A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

Recommendations For versions prior to 0.5.9, update to version 0.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to allow-listed IAM identities to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2022-2385

GHSA-PP3F-98QG-5G75

GO-2022-0547

OPENSUSE-SU-2022_2583-1

SUSE-SU-2022:2583-1

SUSE-SU-2022_2583-1

Affected Products

Suse

Aws-Iam-Authenticator

CVE-2022-2385

Weakness Enumeration

Related Identifiers

Affected Products

References · 18