CVE-2020-1764 Vulnerability Details

  /     /     /  

CVE-2020-1764 Metadata Quick Info

CVE Published: 26/03/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: redhat | Vendor: Red Hat | Product: kiali
Status : PUBLISHED

---

CVE-2020-1764 Description

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Metrics

CVSS Version: 3.1 | Base Score: 8.6 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-321
CWE Name: CWE-321
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).