VMware Pinniped
By the Year
In 2024 there have been 0 vulnerabilities in VMware Pinniped . Pinniped did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 6.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Pinniped vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Pinniped Security Vulnerabilities
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0)
CVE-2022-31677
5.4 - Medium
- August 29, 2022
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
Insufficient Session Expiration
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources
CVE-2022-22975
6.6 - Medium
- May 11, 2022
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Pinniped or by VMware? Click the Watch button to subscribe.
