CVE-2020-1762
7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [Kiali] | kiali | >= 0.4.0, < 1.15.1 | affected |
Weaknesses
- CWE-613: CWE-613
- CWE-384: CWE-384
ADP Enrichment
CVE Program Container
Additional References
- https://kiali.io/news/security-bulletins/kiali-security-001/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1762
References
- https://kiali.io/news/security-bulletins/kiali-security-001/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1762
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.