4 matches found
RHEL 7 : Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali (RHSA-2020:0972)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0972 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
CVE-2020-1762
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the...
CVE-2020-1762
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the...
CVE-2020-1762
CVE-2020-1762 affects Kiali versions 0.4.0 to 1.15.0; root cause is insufficient JWT validation. An attacker could steal a valid JWT cookie and use it to spoof a user session, potentially gaining privileges to view and alter Istio configuration. The issue was fixed in Kiali 1.15.1. Remediation is...