Insufficient Session Expiration in Pinniped Supervisor by VMware Tanzu
CVE-2022-31677

5.4MEDIUM

Key Information:

Vendor

Vmware

Vendor
CVE Published:
29 August 2022

What is CVE-2022-31677?

A vulnerability exists in the Pinniped Supervisor, where users authenticating to Kubernetes clusters may exploit an insufficient session expiration. This flaw allows an access token to remain valid for an extended period, potentially allowing unauthorized access even after a user should have logged out.

Affected Version(s)

Pinniped Supervisor Pinniped Supervisor (before v0.19.0)

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.