Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VMware Pinniped 注入漏洞
Vulnerability Description
VMware Pinniped是美国威睿(VMware)公司的一款为 Kubernetes 提供身份服务的软件。 VMware Pinniped 存在注入漏洞,该漏洞源于Pinniped Supervisor 中的 LDAP 查询注入导致攻击者通过更改 Kubernetes 组成员身份来提升权限。
CVSS Information
N/A
Vulnerability Type
N/A