Security Advisories · vmware/pinniped · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Insufficient session expiration of access tokens in Pinniped Supervisor before v0.19.0 causes user to be able to continue session beyond what might be allowed by proper use of the refresh token
GHSA-rp4v-hhm6-rcv9 published Aug 26, 2022 by cfryanr

Moderate
LDAP query injection in Pinniped Supervisor before v0.17.0 causes attacker to escalate privileges by changing Kubernetes group memberships when the attacker is also able to edit their own LDAP user entry
GHSA-hvrf-5hhv-4348 published May 6, 2022 by cfryanr

High