Insufficient Session Expiration in Pinniped Supervisor by VMware Tanzu
CVE-2022-31677
5.4MEDIUM
What is CVE-2022-31677?
A vulnerability exists in the Pinniped Supervisor, where users authenticating to Kubernetes clusters may exploit an insufficient session expiration. This flaw allows an access token to remain valid for an extended period, potentially allowing unauthorized access even after a user should have logged out.
Affected Version(s)
Pinniped Supervisor Pinniped Supervisor (before v0.19.0)