An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
References
Link | Resource |
---|---|
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2022-08-29T14:03:02
Updated: 2022-08-29T14:03:02
Reserved: 2022-05-25T00:00:00
Link: CVE-2022-31677
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-29T15:15:10.867
Modified: 2022-09-07T18:41:23.577
Link: CVE-2022-31677
JSON object: View
Redhat Information
No data.
CWE