
9 matches found

RedhatCVE
added 2023/01/25 7:05 p.m. · 49 views

CVE-2023-22482

A flaw was found in ArgoCD GitOps, which is vulnerable to an improper authorization bug where the API may accept invalid tokens. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn't properly validate the audience clai...

CVSS 8.8 · AI score 8.6 · EPSS 0.00879
Exploits 0 · References 4
OSV
added 2021/05/18 6:28 p.m. · 26 views

GHSA-64RH-R86Q-75FF Hard coded cryptographic key in Kiali

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alte...

CVSS 8.6 · AI score 8.6 · EPSS 0.03468
Exploits 2 · References 9
Tenable Nessus
added 2021/02/16 12:00 a.m. · 16 views

JSON Web Token None Hashing Algorithm

JSON Web Tokens can be signed to protect against data tampering. By using an asymmetric or a symmetric signing algorithm, the application computes a signature of the token data which will be verified during token decoding to ensure its integrity. JSON Web Tokens can be configured by an applicatio...

AI score 7.2
Exploits 0 · References 5
BDU FSTEC
added 2020/06/17 12:00 a.m. · 3 views

Vulnerability in the Kiali management console for the Istio service mesh, related to the use of a hard-coded cryptographic key, allows attackers to escalate their privileges.

The vulnerability in the Kiali management console for the Istio service mesh is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability allows an attacker to escalate their privileges by creating their own signed access tokens...

CVSS 9.7 · AI score 7 · EPSS 0.03468
Exploits 2 · References 3 · Affected Software 2
OSV
added 2020/03/26 1:15 p.m. · 27 views

CVE-2020-1764

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alte...

CVSS 8.6 · AI score 6.9 · EPSS 0.03468
Exploits 2 · References 2
CVE
added 2020/03/26 11:16 a.m. · 109 views

CVE-2020-1764

CVE-2020-1764 concerns a hard-coded cryptographic key in Kiali's default configuration file, affecting all versions prior to 1.15.1.

CVSS 8.6 · AI score 8.5 · EPSS 0.03468
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2020/03/25 12:00 a.m. · 4 views

PT-2020-2707 · Istio · Kiali

Name of the Vulnerable Software and Affected Versions: Kiali versions prior to 1.15.1
Description: The issue is related to a hard-coded cryptographic key in the default configuration file of Kiali, which is part of the Istio service mesh. This flaw can be exploited by a remote attacker to create...

CVSS 9.7 · AI score 6.8 · EPSS 0.03468
Exploits 2 · References 18
CVE
added 2018/10/05 2:00 p.m. · 55 views

CVE-2018-15382

CVE-2018-15382 (Cisco HyperFlex): A static signing key present in all Cisco HyperFlex systems enables an unauthenticated attacker to generate valid, signed session tokens and access the HyperFlex Web UI on other systems. Connected sources indicate affected software prior to 3.5(1a) and describe t...

CVSS 8.6 · AI score 8.6 · EPSS 0.01281
Exploits 0 · References 2 · Affected Software 1
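
Worked illustration added here (not code from ArgoCD, Kiali, Tenable or Cisco) covering the three token-validation failures these results describe: a verifier that honours the token's own "alg": "none" header (the Nessus JSON Web Token None Hashing Algorithm check), one that never compares the aud claim against its own service name (CVE-2023-22482), and one that is otherwise correct but keyed with a secret shipped in a default configuration file (CVE-2020-1764, CVE-2018-15382). All keys, claims and service names below are constructed for the example, and the identity provider's signature is modelled with a shared HMAC secret rather than an asymmetric key.

```python
"""Minimal HS256 JWT signer/verifier, added as an illustration; not code from
any project listed on this page. Shows a naive verifier that accepts
"alg": "none" and ignores aud, a hardened one, and why neither helps when the
signing key is a value shipped in a default configuration file."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed keys for the example: one generated per deployment, one copied
# out of a shipped config file and therefore known to anyone who read it.
PER_INSTALL_KEY = b"p3r-1nst4ll-s3cr3t-generated-at-setup"
SHIPPED_DEFAULT_KEY = b"default-signing-key-from-config-file"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(key: bytes, claims: dict) -> str:
    """Compact JWT: HMAC-SHA256 over base64url(header).base64url(payload)."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def forge_unsigned(claims: dict) -> str:
    """Attacker-built token: header says "none", signature segment is empty."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def verify_naive(token: str, key: bytes) -> dict:
    """Vulnerable pattern: the token's header chooses the algorithm, the aud
    claim is never checked, and the MAC compare is not constant-time."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header["alg"] == "none":
        return json.loads(b64url_decode(p))
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if expected != b64url_decode(s):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def verify_hardened(token: str, key: bytes, expected_aud: str,
                    now: Optional[float] = None) -> dict:
    """Pin the algorithm, check the MAC in constant time, then enforce aud/exp."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":        # the verifier, not the token, picks alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:       # the audience check ArgoCD lacked
        raise ValueError("token not intended for this service")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    return claims


def _outcome(fn, *args) -> str:
    try:
        return "accepted:" + fn(*args)["sub"]
    except ValueError as e:
        return "rejected:" + str(e)


def demonstrate(now: float = 1_700_000_000.0) -> dict:
    """Run the three scenarios; returns which verifier accepted which token."""
    exp = now + 600
    out = {}
    # 1. "alg": "none": nobody signed this, yet the naive verifier trusts it.
    forged = forge_unsigned({"sub": "admin", "aud": "argocd", "exp": exp})
    out["none_naive"] = verify_naive(forged, PER_INSTALL_KEY)["sub"]
    out["none_hardened"] = _outcome(verify_hardened, forged, PER_INSTALL_KEY, "argocd", now)
    # 2. Wrong audience: a genuine token the IdP issued for a different client
    #    (IdP signature modelled with the shared HMAC key for brevity).
    other = sign_hs256(PER_INSTALL_KEY, {"sub": "alice", "aud": "grafana", "exp": exp})
    out["aud_naive"] = verify_naive(other, PER_INSTALL_KEY)["sub"]
    out["aud_hardened"] = _outcome(verify_hardened, other, PER_INSTALL_KEY, "argocd", now)
    # 3. Shipped default key: the attacker signs with the very key the server
    #    trusts, so even the hardened verifier accepts the forged token.
    forged_default = sign_hs256(SHIPPED_DEFAULT_KEY, {"sub": "admin", "aud": "kiali", "exp": exp})
    out["default_key_hardened"] = verify_hardened(forged_default, SHIPPED_DEFAULT_KEY, "kiali", now)["sub"]
    return out


if __name__ == "__main__":
    for scenario, result in demonstrate().items():
        print(f"{scenario:22} {result}")
```

Running the block prints which verifier accepted which token. The third scenario is the point of the Kiali and HyperFlex entries: with a key every installation shares, every validation step passes for a token the attacker minted, so the remediation is a key generated per deployment (and rotated on exposure), not a stricter verifier.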
Tenable Nessus
added 2016/03/15 12:00 a.m. · 27 views

Zend Framework < 1.12.4 Multiple Vulnerabilities

CVSS 7.5 · AI score 9.7 · EPSS 0.02802
Exploits 0 · References 5