{"id":"CVE-2020-1764","details":"A hard-coded cryptographic key vulnerability was found in the default configuration file of Kiali, in all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own signed JWT tokens and bypassing Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.","aliases":["GHSA-64rh-r86q-75ff","GO-2022-0631"],"modified":"2026-04-10T04:26:20.390231Z","published":"2020-03-26T13:15:13.203Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764"},{"type":"EVIDENCE","url":"https://kiali.io/news/security-bulletins/kiali-security-001/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kiali/kiali","events":[{"introduced":"0"},{"fixed":"3263b7692bcc06ad40292bedea5a9213e04aa9db"},{"introduced":"0"},{"last_affected":"3e41d70c18d412a44f217b2b85ddb99a0eb9f957"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.15.1"},{"introduced":"0"},{"last_affected":"1.0"}]}}],"versions":["0.1.0.Alpha","v0.10.0","v0.21.0","v0.4.0","v0.5.0","v0.6.0","v0.9.0","v0.9.1","v1.0.0","v1.15.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1764.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}]}