123 matches found
CVE-2026-59269
A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...
CVE-2026-59269
The CVE concerns Pinniped Supervisor authenticating to Kubernetes clusters, where an attacker could achieve elevated cluster permissions under specific AD/LDAP conditions. Affected software: Pinniped (go.pinniped.dev) versions v0.11.0–v0.46.0. Root cause: when an ActiveDirectoryIdentityProvider i...
CVE-2026-59269
A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...
CVE-2026-59269 Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries
A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...
EUVD-2026-42530
A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
Malicious code in lucky_pinniped_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1c3cabe0891f49564d25884963b1aabea3faebb81bd89284c42d79c4fa0afa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-100383
Malicious code in whisperingpinnipedz3n npm...
EUVD-2025-106781
Malicious code in automaticpinnipedz3n npm...
EUVD-2025-102297
Malicious code in sharedpinnipedz3n npm...
EUVD-2025-103775
Malicious code in mechanicalpinnipedz3n npm...
EUVD-2025-103514
Malicious code in neighbouringpinnipedz3n npm...
EUVD-2025-101269
Malicious code in unacceptablepinnipedz3n npm...
EUVD-2025-103129
Malicious code in organicpinnipedz3n npm...
EUVD-2025-102979
Malicious code in profitablepinnipedz3n npm...
EUVD-2025-102392
Malicious code in saltypinnipedz3n npm...
EUVD-2025-94151
Malicious code in warmpinnipedz3n npm...
MAL-2025-123886 Malicious code in used_pinniped_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d65dae09e11c07b89c7fdaa01ad0fb9bdb96301efb1e6c6102898d5bf6227fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-88485
Malicious code in thoroughpinnipedz3n npm...
EUVD-2025-87957
Malicious code in visitingpinnipedz3n npm...