Kiali

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.11%
  • Published 23.09.2023 20:15:10
  • Last modified 21.11.2024 07:20:37

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an er...

  • EPSS 0.16%
  • Published 28.05.2021 11:15:08
  • Last modified 21.11.2024 05:46:16

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When Op...

  • EPSS 1.3%
  • Published 27.04.2020 21:15:13
  • Last modified 21.11.2024 05:11:19

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, pos...

Exploit
  • EPSS 5.25%
  • Published 26.03.2020 13:15:13
  • Last modified 21.11.2024 05:11:20

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanism...