GHSA-465w-gg5p-85c9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-465w-gg5p-85c9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-465w-gg5p-85c9/GHSA-465w-gg5p-85c9.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-465w-gg5p-85c9
- Aliases
- Published
- 2021-05-18T21:09:01Z
- Modified
- 2024-08-21T15:27:27.417878Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
- Summary
- Insufficient Session Expiration in Kiali
- Details
-
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-295", "CWE-384", "CWE-613" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-05-18T20:45:55Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-1762
- https://github.com/kiali/kiali/commit/93f5cd0b6698e8fe8772afb8f35816f6c086aef1
- https://github.com/kiali/kiali/commit/c91a0949683976f621cca213c1193831d63b381c
- https://bugzilla.redhat.com/show_bug.cgi?id=1810387
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1762
- https://kiali.io/news/security-bulletins/kiali-security-001
Affected packages
Go / github.com/kiali/kiali
Package
- Name
- github.com/kiali/kiali
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/kiali/kiali