CVE-2020-1764HIGHCVSS 8.6vall Kiali versions prior to 1.15.12020-03-26
CVE-2020-1764 [HIGH] CWE-321 CVE-2020-1764: A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, a
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
cvelistv5nvd