19 matches found
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
EUVD-2022-6938
Malicious code in bioql PyPI...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...
GO-2022-0981 Pinniped Supervisor Insufficient Session Expiration vulnerability in go.pinniped.dev
Pinniped Supervisor Insufficient Session Expiration vulnerability in go.pinniped.dev...
BIT-PINNIPED-2022-22975
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...
BIT-PINNIPED-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
Pinniped Supervisor Insufficient Session Expiration vulnerability
Impact A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. Access tokens issued by the Pinniped Supervisor have an intended expiration lifetime of...
GHSA-RP4V-HHM6-RCV9 Pinniped Supervisor Insufficient Session Expiration vulnerability
Impact A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. Access tokens issued by the Pinniped Supervisor have an intended expiration lifetime of...
Pinniped Supervisor Insufficient Session Expiration vulnerability
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
Session fixation
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
CVE-2022-31677
CVE-2022-31677 affects Pinniped Supervisor prior to v0.19.0. A bug in the token-exchange flow allowed an authentication session to outlive the intended window: expired access tokens could continue to be accepted until backend session data was cleared, effectively enabling a user to maintain acces...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...
Design/Logic Flaw
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...
CVE-2022-22975
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...
CVE-2022-22975
CVE-2022-22975 affects VMware Pinniped Pinniped Supervisor components that handle LDAPIdentityProvider or ActiveDirectoryIdentityProvider. The root cause is unvalidated LDAP/AD query construction when a malicious user alters the CN to contain special characters, enabling LDAP query injection in t...
PT-2022-3916 · Unknown · Pinniped Supervisor
Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor affected versions not specified Description: An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. The issue allows an attack where a malicious us...