Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication.
CVSS Information
N/A
Vulnerability Type
Authentication Bypass by Spoofing
Vulnerability Title
Kiali Authorization Issue Vulnerability
Vulnerability Description
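Kiali is an open-source visual management tool for the Istio microservice architecture. Versions of Kiali before 1.31.0 contain an authorization issue vulnerability, which arises because, when RBAC is enabled, Kiali assumes that the underlying cluster handles some of the token validation. An attacker can exploit this vulnerability to bypass authentication.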
CVSS Information
N/A
Vulnerability Type
N/A