8.6
CWE
384 613
Advisory Published
Updated

CVE-2020-1762

First published: Mon Apr 27 2020(Updated: )

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Kiali Kiali>=0.4.0<1.15.1
Redhat Openshift Service Mesh=1.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-1762?

    CVE-2020-1762 is an insufficient JWT validation vulnerability found in Kiali versions 0.4.0 to 1.15.0.

  • What is the severity of CVE-2020-1762?

    The severity of CVE-2020-1762 is high with a CVSS score of 8.6.

  • How can an attacker exploit CVE-2020-1762?

    An attacker can exploit CVE-2020-1762 by stealing a valid JWT cookie and using it to spoof a user session, potentially gaining unauthorized privileges.

  • Which software versions are affected by CVE-2020-1762?

    Kiali versions 0.4.0 to 1.15.0, as well as Redhat Openshift Service Mesh 1.0, are affected by CVE-2020-1762.

  • How can CVE-2020-1762 be fixed?

    CVE-2020-1762 can be fixed by updating Kiali to version 1.15.1 or applying the necessary patches provided by the vendor.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203