Insufficient Validation Affecting github.com/kiali/kiali/config package, versions <1.16.0-snapshot.1


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.15% (52nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMKIALIKIALICONFIG-561353
  • published26 Mar 2020
  • disclosed26 Mar 2020
  • creditDagan Henderson

Introduced: 26 Mar 2020

CVE-2020-1762  (opens in a new tab)
CWE-295  (opens in a new tab)

How to fix?

Upgrade github.com/kiali/kiali/config to version 1.16.0-snapshot.1 or higher.

Overview

github.com/kiali/kiali/config is a package part of Kiali project.

Affected versions of this package are vulnerable to Insufficient Validation. A remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

CVSS Scores

version 3.1