CVE-2022-23551
MEDIUMAzure AD Pod Identity < 1.8.13 - Improper Restriction of Security Token Assignment via Backslash Bypass
Title source: llmDescription
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc
Patch, Third Party Advisory x_refsource_misc
https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d
Third Party Advisory x_refsource_misc
https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13
Scores
CVSS v3
5.3
EPSS
0.0071
EPSS Percentile
48.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1259
CWE-863
Status
published
Products (2)
Azure/aad-pod-identity
0 - 1.8.13Go
microsoft/azure_ad_pod_identity
< 1.8.13
Published
Dec 21, 2022
Tracked Since
Feb 18, 2026