CVE-2020-1764

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-1764
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1764.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1764
Aliases
Published
2020-03-26T13:15:13.203Z
Modified
2026-04-10T04:26:20.390231Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
Summary
[none]
Details

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

References

Affected packages

Git / github.com/kiali/kiali

Affected ranges

Type
GIT
Repo
https://github.com/kiali/kiali
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3263b7692bcc06ad40292bedea5a9213e04aa9db
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3e41d70c18d412a44f217b2b85ddb99a0eb9f957
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.15.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Affected versions

0.*
0.1.0.Alpha
v0.*
v0.10.0
v0.21.0
v0.4.0
v0.5.0
v0.6.0
v0.9.0
v0.9.1
v1.*
v1.0.0
v1.15.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1764.json"