VYPR
High severityNVD Advisory· Published Apr 27, 2020· Updated Aug 4, 2024

CVE-2020-1762

CVE-2020-1762

Description

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/kiali/kialiGo
>= 0.4.0, < 1.15.11.15.1

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.