CVE-2022-31677

CVE Database · CVE-2022-31677

CVE-2022-31677

· MEDIUMModified

CVSS v3.1

5.4

EPSS

0.37%

Published

Aug 29, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-613

Affected Products (1)

vmware · pinniped (up to 0.19.0)vulnerable

References (2)

https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9

Third Party Advisory

https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs