According to a security researcher, a flaw in AWS IAM Authenticator for Kubernetes might let a bad actor pretend to be other users and get elevated rights in Kubernetes clusters.
Elastic Kubernetes Service (EKS) clusters configured with the AccessKeyID template option are susceptible to the now-patched vulnerability, known as CVE-2022-2385, which might allow an attacker to pretend to be another user and get elevated access. Read More…