An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
References
Link | Resource |
---|---|
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 | Third Party Advisory |
Configurations
History
07 Sep 2022, 18:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:vmware:pinniped:*:*:*:*:*:*:*:* | |
CWE | CWE-613 | |
First Time |
Vmware pinniped
Vmware |
|
References | (MISC) https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 - Third Party Advisory |
29 Aug 2022, 15:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-29 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-31677
Mitre link : CVE-2022-31677
CVE.ORG link : CVE-2022-31677
JSON object : View
Products Affected
vmware
- pinniped
CWE
CWE-613
Insufficient Session Expiration