A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions before 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kiali kiali |
||
redhat openshift service mesh 1.0 |