CVE-2022-31677
Summary
| CVE | CVE-2022-31677 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-29 15:15:00 UTC |
| Updated | 2022-09-07 18:41:00 UTC |
| Description | An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. |
Risk And Classification
Problem Types: CWE-613
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Insufficient session expiration of access tokens in Pinniped Supervisor before v0.19.0 causes user to be able to continue session beyond what might be allowed by proper use of the refresh token · Advisory · vmware-tanzu/pinniped · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.