CVE-2020-1764

2020-03-26T13:15:00
ID CVE-2020-1764
Type cve
Reporter cve@mitre.org
Modified 2020-05-28T17:21:00

Description

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.