CVE-2020-1764

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1764

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1764.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1764

Aliases

Published

2020-03-26T13:15:13Z

Modified

2025-07-01T11:16:06.248872Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

[none]

Details

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

670a4a60080f5889d9f7c022a009dcf25f1062ca

Type: GIT
Repo: https://github.com/kiali/kiali
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3263b7692bcc06ad40292bedea5a9213e04aa9db

Affected versions

0.*

0.1.0.Alpha

0.2.0.Alpha

v0.*

v0.10.0

v0.11.0

v0.17.0

v0.18.0

v0.19.0

v0.20.0

v0.21.0

v0.4.0

v0.5.0

v0.6.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0