Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Kiali 授权问题漏洞
Vulnerability Description
Kiali是一款开源的、用于Istio微服务架构的可视化管理工具。 Kiali 0.4.0版本至1.15.0版本中存在授权问题漏洞,该漏洞源于不充分的JWT验证。远程攻击者可通过窃取有效的JWT cookie并伪造用户会话利用该漏洞获取权限,查看并修改Istio配置。
CVSS Information
N/A
Vulnerability Type
N/A