admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated version info CVE-2020-1762

Browse Source
This commit is contained in:
Tausif Siddiqui 2020-04-17 17:30:37 +05:30
parent d08f0d496b
commit 5993653659
No known key found for this signature in database
GPG Key ID: 5B5F75D784880089
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2020/1xxx/CVE-2020-1762.json
View File

@ -18,7 +18,7 @@
"version": {
"version_data": [
{
"version_value": "Fixed in Kiali 1.15.1"
"version_value": ">= 0.4.0, < 1.15.1"
}
]
}
@ -65,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration."
"value": "An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration."
}
]
},