An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1. A remote attacker who obtains a valid JWT cookie could abuse this flaw to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kiali | Kiali | 0.4.0 (including) | 1.15.1 (excluding) |
| Openshift Service Mesh 1.0 | RedHat | jaeger-0:v1.13.1.redhat6-1.el7 | * |
| Openshift Service Mesh 1.0 | RedHat | kiali-0:v1.0.10.redhat1-1.el7 | * |
Such a scenario is commonly observed when: