A content spoofing vulnerability was found in Kiali. It exists that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an malicious user to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kiali kiali - |
||
redhat openshift_service_mesh 2.3.1 |