CVE-2020-1764
published 2020-03-26CVE-2020-1764: A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse…
high8.6CVSS 3.1
AVNACLPRNUINSUCLILAH
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | kiali_kiali | >= 0 < 1.15.1 | 1.15.1 |
| kiali | kiali | < 1.15.1 | 1.15.1 |
| red_hat | kiali | — | — |
| redhat | openshift_service_mesh | — | — |