CVE-2022-31677

Source
https://cve.org/CVERecord?id=CVE-2022-31677
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31677.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31677
Aliases
Published
2022-08-29T14:03:02Z
Modified
2026-07-08T06:27:59.593672347Z
Summary
[none]
Details

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31677.json",
    "cna_assigner": "vmware"
}
References

Affected packages

Git / github.com/vmware/pinniped

Affected ranges

Type
GIT
Repo
https://github.com/vmware/pinniped
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "Pinniped Supervisor (before v0.19.0)"
        },
        {
            "last_affected": "Pinniped Supervisor (before v0.19.0)"
        }
    ]
}

Affected versions

Pinniped Supervisor (before v0.*
Pinniped Supervisor (before v0.19.0)
v0.*
v0.19.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31677.json"