CVE-2022-22975

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.

CVSS v3 6.6 MEDIUM
CVSS v2.0 6.0 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-hvrf-5hhv-4348	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:pinniped:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-05-11 16:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-22975

Mitre link : CVE-2022-22975

CVE.ORG link : CVE-2022-22975

JSON object : View

Products Affected

vmware

pinniped

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2022-22975", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2022-05-11T16:15:08.877", "references": [{"url": "https://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-hvrf-5hhv-4348", "tags": ["Third Party Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership."}, {"lang": "es", "value": "Se ha detectado un problema en Pinniped Supervisor con los recursos LADPIdentityProvider o ActiveDirectoryIdentityProvider. Un ataque implicar\u00eda que el usuario malicioso cambiara el nombre com\u00fan (CN) de su entrada de usuario en el servidor LDAP o AD para incluir caracteres especiales, lo que podr\u00eda usarse para llevar a cabo una inyecci\u00f3n de consulta LDAP en la consulta LDAP del Supervisor que determina su pertenencia al grupo Kubernetes"}], "lastModified": "2022-05-19T18:30:11.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:pinniped:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51D3A269-262A-421A-9945-D1B52B415E8D", "versionEndExcluding": "0.17.0", "versionStartIncluding": "0.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}