CVE-2020-1764

CVSS v3.1 8.6 (High)
CVSS v2.0 7.5 (High)
EPSS 0.21 % (59th)
Affected Products 2
Advisories 1

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypassing Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Weaknesses
CWE-321
Use of Hard-coded Cryptographic Key
CWE-798
Use of Hard-coded Credentials
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-03-26 13:15:13
(4 years ago)
Updated Date
2023-11-07 03:19:34
(10 months ago)

Affected Products

Configuration #1

Product: Kiali prior 1.15.1 version
CPE23: cpe:2.3:a:kiali:kiali
Up To: < 1.15.1

Configuration #2

Product: Redhat Openshift Service Mesh 1.0
CPE23: cpe:2.3:a:redhat:openshift_service_mesh:1.0