High severity · NVD Advisory · Published Mar 26, 2020 · Updated Aug 4, 2024
CVE-2020-1764
Description
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/kiali/kiali (Go) | < 1.15.1 | 1.15.1 |
Affected products
- Red Hat/kiali (v5). Range: all Kiali versions prior to 1.15.1
References
- github.com/advisories/GHSA-64rh-r86q-75ff (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-1764 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/kiali/kiali/commit/93f5cd0b6698e8fe8772afb8f35816f6c086aef1 (ghsa, WEB)
- github.com/kiali/kiali/commit/ac7bd6c7ddb2e01356e21d360dd1c718a90706ad (ghsa, WEB)
- github.com/kiali/kiali/commit/ce48af57113c805a25179aaab1a0fac2fb93653f (ghsa, WEB)
- github.com/kiali/kiali/commit/faed1f5f90efae3df9fd6fb793f00ccc242b3a96 (ghsa, WEB)
- kiali.io/news/security-bulletins/kiali-security-001 (ghsa, WEB)
- kiali.io/news/security-bulletins/kiali-security-001/ (mitre, x_refsource_MISC)