Improper Restriction of Security Token Assignment
CVE-2022-23551
Summary
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts token requests and validates them based on a regex. A token request made with a backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS, allowing a pod in the cluster to access identities that it shouldn't have access to. If you are using the AKS pod-managed identities add-on, no action is required. This vulnerability affects the package github.com/Azure/aad-pod-identity in versions prior to 1.8.13.
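The bypass class described above, as an added Go example that is not code from aad-pod-identity: an intercepting router that validates only paths matching a pattern and forwards the rest, next to a version that canonicalises separators first and denies unknown paths under the identity prefix. The regex, the function names `naiveRoute` and `hardenedRoute`, the route labels and the `/metadata/instance` sample path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Hypothetical token-endpoint pattern for illustration; not NMI's actual regex.
var tokenPath = regexp.MustCompile(`^/metadata/identity/oauth2/token/?$`)

const (
	Validate = "validate" // check the caller against its assigned identities
	Forward  = "forward"  // pass upstream with no identity check
	Reject   = "reject"
)

// naiveRoute validates only exact pattern matches and forwards everything else,
// so a separator variant of the token path skips validation.
func naiveRoute(p string) string {
	if tokenPath.MatchString(p) {
		return Validate
	}
	return Forward
}

// hardenedRoute canonicalises the path before matching and refuses anything
// under the identity prefix that is not the known token endpoint.
func hardenedRoute(p string) string {
	canonical := path.Clean(strings.ReplaceAll(p, `\`, "/"))
	switch {
	case tokenPath.MatchString(canonical):
		return Validate
	case strings.HasPrefix(canonical, "/metadata/identity"):
		return Reject
	default:
		return Forward
	}
}

func main() {
	// Constructed sample paths; the second is the form quoted in the advisory.
	for _, p := range []string{"/metadata/identity/oauth2/token", `/metadata/identity\oauth2\token/`, "/metadata/instance"} {
		fmt.Printf("%-36q naive=%-9s hardened=%s\n", p, naiveRoute(p), hardenedRoute(p))
	}
}
```

The same canonical form should be what gets forwarded upstream, so the validator and the upstream service never see different paths.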
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- HIGH
- LOW
- LOW
CWE-1259 - Improper Restriction of Security Token Assignment
The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.
Advisory Timeline
- Published