CVE-2020-1762

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1762

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1762.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1762

Aliases

Related

RHSA-2020:0972

Withdrawn

2024-09-03T05:12:44.267005Z

Published

2020-04-27T21:15:13Z

Modified

2024-09-01T22:44:48Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

[none]

Details

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

References

Affected packages

Git / github.com/istio/istio

Affected ranges

Type: GIT
Repo: https://github.com/istio/istio
Events: Introduced

4ea861ef32f5641094f600e61c1ff9346a612196

Fixed

bf836f0be536b0adcef68f93c405994769e767cb