Pinniped VMware Pinniped

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in VMware Pinniped.

By the Year

In 2026 there have been 1 vulnerability in VMware Pinniped with an average score of 3.8 out of ten. Pinniped did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.

Year Vulnerabilities Average Score
2026 1 3.80
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 2 6.00

It may take a day or so for new Pinniped vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Pinniped Security Vulnerabilities

Pinniped Supervisor 0.11-0.46 Elevates Cluster Privileges via AD DN Edit
CVE-2026-59269 3.8 - Low - July 09, 2026

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the ActiveDirectoryIdentityProvider.spec.groupSearch.attributes.groupName is empty; the attacker gains the ability to edit some part of the distinguished name (DN) of group entries in the Active Directory (AD) server's database for groups to which they belong; the configured group search parameters cause the edited group to be included in the group search results for the user; and the attacker knows the password for an AD user who belongs to the edited AD group. Affected versions: Pinniped (go.pinniped.dev) v0.11.0 through v0.46.0 inclusive; fixed in v0.47.0.

Pinniped Supervisor <v0.19.0 Insufficient Session Expiration via Access Token
CVE-2022-31677 5.4 - Medium - August 29, 2022

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.

Insufficient Session Expiration

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources
CVE-2022-22975 6.6 - Medium - May 11, 2022

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.

Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for VMware Pinniped or by VMware? Click the Watch button to subscribe.

VMware
Vendor

subscribe