Vulnerabilities > Kiali
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-23 | CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. | 4.3 |
| 2021-05-28 | CVE-2021-20278 | Improper Authentication vulnerability in Kiali An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. | 6.5 |
| 2020-04-27 | CVE-2020-1762 | Session Fixation vulnerability in multiple products An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration. | 8.6 |
| 2020-03-26 | CVE-2020-1764 | Use of Hard-coded Credentials vulnerability in multiple products A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. | 8.6 |