24 matches found
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
EUVD-2022-28091
Malicious code in bioql PyPI...
EUVD-2022-6938
Malicious code in bioql PyPI...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used ...
GO-2022-0981 Pinniped Supervisor Insufficient Session Expiration vulnerability in go.pinniped.dev
Pinniped Supervisor Insufficient Session Expiration vulnerability in go.pinniped.dev...
BIT-PINNIPED-2022-22975
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used ...
BIT-PINNIPED-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
Pinniped Supervisor Insufficient Session Expiration vulnerability
Impact: A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. Access tokens issued by the Pinniped Supervisor have an intended expiration lifetime of...
GHSA-RP4V-HHM6-RCV9 Pinniped Supervisor Insufficient Session Expiration vulnerability
Impact: A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. Access tokens issued by the Pinniped Supervisor have an intended expiration lifetime of...
Pinniped Supervisor Insufficient Session Expiration vulnerability
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
Session fixation
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
CVE-2022-31677 affects Pinniped Supervisor prior to v0.19.0. A bug in the token-exchange flow allowed an authentication session to outlive the intended window: expired access tokens could continue to be accepted until backend session data was cleared, effectively enabling a user to maintain acces...
PT-2022-20885 · Unknown · Pinniped Supervisor
Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor versions prior to 0.19.0 Description: An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their...
VMware Pinniped Supervisor code issue vulnerability
Supervisor is a process control system for Unix-like systems. The system is primarily used to monitor and control processes in Unix-like operating systems. VMware Pinniped is a software from VMware that provides identity services for Kubernetes. A security vulnerability exists in VMware Pinniped...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used ...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used ...