EPSS
Percentile
59.1%
github.com/kiali/kiali is vulnerable to authentication bypass. The default signing key for JWT cookies is known in the source, allowing an attacker to forge credentials and use it to gain access to the application.
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764
github.com/kiali/kiali/pull/2560
kiali.io/news/security-bulletins/kiali-security-001/