An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
References
Link | Resource |
---|---|
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 | Third Party Advisory |
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 | Third Party Advisory |
Configurations
History
21 Nov 2024, 07:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 - Third Party Advisory |
07 Sep 2022, 18:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-29 15:15
Updated : 2024-11-21 07:05
NVD link : CVE-2022-31677
Mitre link : CVE-2022-31677
CVE.ORG link : CVE-2022-31677
JSON object : View
Products Affected
vmware
- pinniped
CWE
CWE-613
Insufficient Session Expiration