mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
1.2 KiB
1.2 KiB
CVE-2020-1764
Description
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
POC
Reference
No PoCs from references.
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/The-Cracker-Technology/jwt_tool
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/jpts/cve-2020-1764-poc
- https://github.com/mishmashclone/ticarpi-jwt_tool
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/puckiestyle/jwt_tool
- https://github.com/soosmile/POC
- https://github.com/ticarpi/jwt_tool