Kiali 1.12.1

CPE Details

2020-03-27
13h00 +00:00

CPE Name: cpe:2.3:a:kiali:kiali:1.12.1:*:*:*:*:*:*:*

Information

Vendor: kiali

Product: kiali

Version: 1.12.1

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2021-20278 | 2021-05-28 08h42 +00:00 | An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication. | 6.5 | Medium |
| CVE-2020-1762 | 2020-04-27 18h41 +00:00 | An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration. | 8.6 | High |
| CVE-2020-1764 | 2020-03-26 10h16 +00:00 | A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | 8.6 | High |