A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/kiali/kiali(Go) | 0 | 1.15.1 | N/A |
CVSS Metrics
