Lucene search
Veracode Vulnerability DatabaseVERACODE:36840HistoryAug 30, 2022 - 3:32 a.m.
Session Fixation
2022-08-3003:32:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
22.9%
github.com/vmware-tanzu/pinniped is vulnerable to session fixation. The vulnerability exists due to an insufficient session expiration used in the validateAccessToken function of token_exchange.go, allowing an attacker to use the access token to continue the session without refreshing the token when authenticating to kubernetes clusters via the pinniped supervisor.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/vmware-tanzu/pinniped | le | v0.18.0 | |
| github.com/vmware-tanzu/pinniped | le | v0.18.0 |
Related
osv
osv
BIT-pinniped-2022-31677
2024-03-06 11:01:40
CVE-2022-31677
2022-08-29 15:15:10
Pinniped Supervisor Insufficient Session Expiration vulnerability
2022-09-01 22:24:05
cvelist
cvelist
CVE-2022-31677
2022-08-29 14:03:02
cve
cve
CVE-2022-31677
2022-08-29 15:15:10
prion
prion
Session fixation
2022-08-29 15:15:00
gitlab
gitlab
Pinniped Supervisor Insufficient Session Expiration vulnerability
2022-09-01 00:00:00
nvd
nvd
CVE-2022-31677
2022-08-29 15:15:10
github
github
Pinniped Supervisor Insufficient Session Expiration vulnerability
2022-09-01 22:24:05