PT-2022-3916 · Unknown · Pinniped Supervisor

Cfryanr · Published 2022-05-11 · Updated 2024-03-06 · CVE-2022-22975

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor (affected versions not specified)

Description: An issue was discovered in the Pinniped Supervisor when it is configured with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. A malicious user can change the common name (CN) of their own user entry on the LDAP or AD server to include special characters. Because the Supervisor interpolates that value into the LDAP query that determines the user's Kubernetes group membership, these characters can be used to perform LDAP query injection against that query.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
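The weakness described above is a directory value (the user's CN, or a DN built from it) being substituted verbatim into an LDAP search filter. The example below is added here to illustrate the mitigation; it is not Pinniped's code, and the filter shape `(&(objectClass=groupOfNames)(member=...))`, the `escape_filter_value` / `build_group_filter` / `unsafe_group_filter` names and the sample DNs are assumptions constructed for the illustration. It hex-escapes the RFC 4515 filter metacharacters before substitution and includes a small well-formedness check that flags a filter whose structure was altered by the interpolated value.

```python
# Added example, not from the Pinniped project: escaping a directory-derived
# value before substituting it into an LDAP search filter (RFC 4515 section 3).

# RFC 4515 requires these characters to be written as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters hex-escaped per RFC 4515."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(member_value: str, group_attr: str = "member") -> str:
    """Hardened form: the user-controlled value is escaped before interpolation.

    The filter shape is a hypothetical group-membership lookup, not the
    Supervisor's real query.
    """
    return f"(&(objectClass=groupOfNames)({group_attr}={escape_filter_value(member_value)}))"


def unsafe_group_filter(member_value: str, group_attr: str = "member") -> str:
    """Weak form kept for comparison: raw interpolation of the value."""
    return f"(&(objectClass=groupOfNames)({group_attr}={member_value}))"


def filter_is_well_formed(ldap_filter: str) -> bool:
    """Cheap structural check: unescaped parentheses must balance and there
    must be exactly one top-level expression. A value that closes the filter
    early or opens a new clause fails this check."""
    depth = 0
    i = 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":
            i += 3  # skip an escape sequence (\XX) without interpreting it
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            if depth == 0 and i != len(ldap_filter) - 1:
                return False  # text after the root expression closed
        i += 1
    return depth == 0


if __name__ == "__main__":
    # Constructed sample DNs; the second one carries a filter metacharacter.
    normal_dn = "cn=alice,ou=people,dc=example,dc=com"
    odd_dn = "cn=alice,dc=example)"
    print(build_group_filter(normal_dn))
    print("escaped:", filter_is_well_formed(build_group_filter(odd_dn)))
    print("raw:    ", filter_is_well_formed(unsafe_group_filter(odd_dn)))
```

Escaping at the point of substitution is the fix; the well-formedness check is only a second line of defence (it catches structural changes such as an early close, not every semantic change, since an unescaped `*` alone leaves the parentheses balanced while widening the match).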

Weakness Enumeration

Special Elements Injection

Related Identifiers

BDU:2022-04734
BIT-PINNIPED-2022-22975
CVE-2022-22975
GHSA-HVRF-5HHV-4348

Affected Products

Pinniped Supervisor