CVSS N/A
2020-03-26 14:15:00 2020-03-26 14:16:00
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
Support the originator by clicking the read the rest link below.