CVE-2020-1764
- CVSS v3.1: 8.6 (High)
- CVSS v2.0: 7.5 (High)
- EPSS: 0.21 % (59th)
- Affected Products: 2
- Advisories: 1
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
- CVE Status: PUBLISHED
- CNA: Red Hat, Inc.
- Published Date: 2020-03-26 13:15:13 (4 years ago)
- Updated Date: 2023-11-07 03:19:34 (10 months ago)