Skip to main content

Kiali

3 CVEs product

Monthly

CVE-2021-20278 Go MEDIUM PATCH This Month

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kiali
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-1762 Go HIGH PATCH This Week

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Kiali Openshift Service Mesh
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-1764 Go HIGH POC PATCH This Week

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kiali Openshift Service Mesh
NVD
CVSS 3.1
8.6
EPSS
3.5%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kiali
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Kiali +1
NVD
EPSS 3% CVSS 8.6
HIGH POC PATCH This Week

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kiali Openshift Service Mesh
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy