config Open this link in a new tab package, versions <1.16.0-snapshot.1

Exploit Maturity

Proof of concept
Attack Complexity

Low
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-GOLANG-GITHUBCOMKIALIKIALICONFIG-561354
published

26 Mar 2020
disclosed

26 Mar 2020
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 26 Mar 2020

CVE-2020-1764 Open this link in a new tab CWE-321 Open this link in a new tab

How to fix?

Upgrade github.com/kiali/kiali/config to version 1.16.0-snapshot.1 or higher.

Overview

github.com/kiali/kiali/config is a package part of Kiali project.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials. A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration

Insufficiently Protected Credentials Affecting github.com/kiali/kiali/config Open this link in a new tab package, versions <1.16.0-snapshot.1

Exploit Maturity

Attack Complexity

Availability

snyk-id

published

disclosed

credit

Introduced: 26 Mar 2020

How to fix?

Overview

References