CVE-2020-1762
published 2020-04-27CVE-2020-1762: An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could…
high8.6CVSS 3.1
AVNACLPRNUINSUCLILAH
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | kiali_kiali | >= 0.4.0 < 1.15.1 | 1.15.1 |
| kiali | kiali | >= 0.4.0 < 1.15.1 | 1.15.1 |
| redhat | openshift_service_mesh | — | — |