CVE-2020-1764

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-1764

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1764.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1764

Aliases

Published

2020-03-26T13:15:13.203Z

Modified

2026-02-17T00:22:42.691436Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

[none]

Details

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

References

Affected packages

Git / github.com/kiali/kiali

Affected ranges

Type: GIT
Repo: https://github.com/kiali/kiali
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3263b7692bcc06ad40292bedea5a9213e04aa9db

Affected versions

0.*

0.1.0.Alpha

0.2.0.Alpha

v0.*

v0.10.0

v0.11.0

v0.17.0

v0.18.0

v0.19.0

v0.20.0

v0.21.0

v0.4.0

v0.5.0

v0.6.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1764.json"