CVE-2020-1764

Summary

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Affected Software

VendorProductVersion RangeStatus
Red Hatkialiall Kiali versions prior to 1.15.1affected

Weaknesses

  • CWE-321: CWE-321

ADP Enrichment

CVE Program Container

Additional References

References