CVE-2020-1764

  • Published Date: Thu 26 Mar 2020
  • Last Modified Date: Mon 30 Mar 2020

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.