CVE-2022-23551

Published: Dec 21, 2022
Last Modified: Nov 21, 2024
EU-VD ID: EUVD-2022-7701
Aliases: GHSA-p82q-rxpm-hjpc

MEDIUM 5.3
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: high
Availability: low

Description

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with a backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS, allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed, and the fix is included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release.
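An added Go example, not code from aad-pod-identity or from this advisory: it models the validation gap described above and one way to close it by refusing backslash paths before matching. The route regex, the `Action` names and the pass-through default are assumptions of this model.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical guard pattern for the token endpoint (an assumption for this
// example, not the regex shipped in aad-pod-identity).
var tokenRoute = regexp.MustCompile(`^/metadata/identity/oauth2/token/?$`)

// Action is what the intercepting proxy does with a request path.
type Action string

const (
	Validate    Action = "validate"    // run the pod-to-identity authorization check
	PassThrough Action = "passthrough" // forward to the metadata service unchecked
	Reject      Action = "reject"      // drop the request
)

// RouteRegexOnly matches the raw path, so any spelling the regex does not
// anticipate falls through to the unchecked default handler.
func RouteRegexOnly(path string) Action {
	if tokenRoute.MatchString(path) {
		return Validate
	}
	return PassThrough
}

// RouteHardened refuses any path containing a backslash, then matches.
// Rejecting avoids guessing how the upstream service reads the separator.
func RouteHardened(path string) Action {
	if strings.ContainsRune(path, '\\') {
		return Reject
	}
	return RouteRegexOnly(path)
}

func main() {
	// Constructed sample paths; the second is the example from the description.
	paths := []string{"/metadata/identity/oauth2/token/", `/metadata/identity\oauth2\token/`, "/metadata/instance"}
	for _, p := range paths {
		fmt.Printf("%-36q regex-only=%-11s hardened=%s\n", p, RouteRegexOnly(p), RouteHardened(p))
	}
}
```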

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.

EPSS Score: 0.0077
Percentile: 0.7th

CWE-863: Incorrect Authorization

Incomplete
Common Consequences
Security Scopes Affected: Confidentiality, Integrity, Access Control, Availability
Potential Impacts: Read Application Data, Read Files or Directories, Modify Application Data, Modify Files or Directories, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)
Applicable Platforms
Technologies: Database Server, Not Technology-Specific, Web Server
CWE-1259: Improper Restriction of Security Token Assignment

Incomplete
Common Consequences
Security Scopes Affected: Confidentiality, Integrity, Availability, Access Control
Potential Impacts: Modify Files or Directories, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Gain Privileges or Assume Identity, Modify Memory, DoS: Crash, Exit, or Restart
Applicable Platforms
Technologies: Not Technology-Specific, Processor Hardware, System on Chip
Application

Azure AD Pod Identity by Microsoft

Version Range Affected
To 1.8.13 (exclusive)
cpe:2.3:a:microsoft:azure_ad_pod_identity:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d…
https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13
https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hj…