Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31677

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.

Published

2022-08-29T15:15:10.867

Last Modified

2024-11-21T07:05:06.457

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	pinniped	< 0.19.0	Yes

References

https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 Third Party Advisory ([email protected])
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)