LDAP Injection Vulnerability in Pinniped Supervisor by VMware Tanzu
CVE-2022-22975
6.6MEDIUM
What is CVE-2022-22975?
A vulnerability has been identified in the Pinniped Supervisor, specifically related to the LADPIdentityProvider and ActiveDirectoryIdentityProvider components. This issue arises when an attacker manipulates their user entry's common name (CN) to include special characters. Such manipulation can exploit the Supervisor's LDAP query, allowing unauthorized access to group memberships in Kubernetes. This jeopardizes the security of the cluster by enabling attackers to gain elevated privileges through crafted LDAP queries.
Affected Version(s)
Pinniped Pinniped versions before v0.17.0