CVE-2022-31677 - OpenCVE

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Pinniped

Configuration 1 [-]

cpe:2.3:a:vmware:pinniped:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-08-29T14:03:02

Updated: 2024-08-03T07:26:01.043Z

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-31677

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-29T15:15:10.867

Modified: 2022-09-07T18:41:23.577

Link: CVE-2022-31677

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Pinniped Supervisor", "vendor": "n/a", "versions": [{"status": "affected", "version": "Pinniped Supervisor (before v0.19.0)"}]}], "descriptions": [{"lang": "en", "value": "An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow."}], "problemTypes": [{"descriptions": [{"description": "Insufficient Session Expiration issue", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T14:03:02", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2022-31677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pinniped Supervisor", "version": {"version_data": [{"version_value": "Pinniped Supervisor (before v0.19.0)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Session Expiration issue"}]}]}, "references": {"reference_data": [{"name": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9", "refsource": "MISC", "url": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.043Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-rp4v-hhm6-rcv9"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-31677", "datePublished": "2022-08-29T14:03:02", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-08-03T07:26:01.043Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}