CVE-2022-23551Incorrect Authorization in Aad-pod-identity

CWE-863Incorrect AuthorizationCWE-1259Improper Restriction of Security Token AssignmentCWE-305Authentication Bypass by Primary Weakness6 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.8%
top 26.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Azure Aad-pod-identityGithub.com Azure Aad-pod-identityMicrosoft Azure AD POD Identity+4 more
Timeline
PublishedDec 21
Latest updateAug 21

Description

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been f

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:LExploitability: 0.6 | Impact: 4.7

Affected Packages7 packages

CVEListV5azure/aad-pod-identity< 1.8.13

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
AAD Pod Identity obtaining token with backslash in github.com/Azure/aad-pod-identity2024-08-21
OSV
AAD Pod Identity obtaining token with backslash2022-12-21
GHSA
AAD Pod Identity obtaining token with backslash2022-12-21

📋Vendor Advisories

2
Red Hat
aad-pod-identity: authentication bypass via backslash2022-12-21
Microsoft
AAD Pod Identity obtaining token with backslash2022-12-13