Description
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 0.3.0 (inclusive) up to 0.19.0 (exclusive)
cpe:2.3:a:vmware:pinniped:*:*:*:*:*:*:*:*
EPSS
Percentile: 51%
0.00282
Low
5.4 Medium
CVSS3
Weaknesses
CWE-613
Related vulnerabilities
CVSS3: 4.9
github
more than 3 years ago
Pinniped Supervisor Insufficient Session Expiration vulnerability