Vulnerabilities > Kiali

DATE CVE VULNERABILITY TITLE RISK
2023-09-23 CVE-2022-3962 A content spoofing vulnerability was found in Kiali.
network
low complexity
kiali redhat
4.3
2021-05-28 CVE-2021-20278 Improper Authentication vulnerability in Kiali
An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used.
network
kiali CWE-287
5.8
2020-04-27 CVE-2020-1762 Session Fixation vulnerability in multiple products
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
network
low complexity
kiali redhat CWE-384
8.6
2020-03-26 CVE-2020-1764 Use of Hard-coded Credentials vulnerability in multiple products
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1.
network
low complexity
kiali redhat CWE-798
8.6