An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
CPE | Name | Operator | Version |
---|---|---|---|
go/go.pinniped.dev | ge | 0.3.0 | |
go/go.pinniped.dev | lt | 0.19.0 |