A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

References
- https://nvd.nist.gov/vuln/detail/CVE-2022-2385
- https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472
- https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs
- https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/469
- https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.9
- https://github.com/advisories/GHSA-pp3f-98qg-5g75