Security Advisory

CVE-2020-1764

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-26 11:16:09

Last updated 2024-08-04 06:46:30

Assigner redhat

State PUBLISHED

Description

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

← Browse all CVEs View on cve.org ↗