2 matches found
CVE-2022-22975
CVE-2022-22975 affects VMware Pinniped Pinniped Supervisor components that handle LDAPIdentityProvider or ActiveDirectoryIdentityProvider. The root cause is unvalidated LDAP/AD query construction when a malicious user alters the CN to contain special characters, enabling LDAP query injection in t...
CVE-2022-31677
CVE-2022-31677 affects Pinniped Supervisor prior to v0.19.0. A bug in the token-exchange flow allowed an authentication session to outlive the intended window: expired access tokens could continue to be accepted until backend session data was cleared, effectively enabling a user to maintain acces...