Bug 1810387 (CVE-2020-1762)

Summary: CVE-2020-1762 kiali: ignoring JWT claim fields
Product: [Other] Security Response
Reporter: Mark Cooper <mcooper>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: kconner, mazz, rcernich, security-response-team
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: kiali 1.15.1
Doc Type: If docs needed, set a value
Doc Text:
An insufficient JWT validation vulnerability was found in Kiali, versions 0.4.0 to 1.15.0. A remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
Story Points: ---
Last Closed: 2020-03-26 07:06:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Blocks: 1810199

Description Mark Cooper 2020-03-05 06:48:32 UTC
A vulnerability was found in Kiali v1.9 ignoring JWT claim fields (i.e. subject, expiration) allowing compromised or stale tokens to be used.
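
The claim checks the report says were missing, as an added example that is not Kiali's code: a minimal HS256 verifier using only Python standard-library modules, with the signature-only parse (the weak form) beside a hardened form that also enforces the exp and sub claims. The function names (sign, parse_signed, verify_token) and the key are constructed for this illustration.

```python
"""Constructed demo of the JWT validation gap in the report (not Kiali's code)."""
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 token (constructed helper so the example runs offline)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def parse_signed(token: str, key: bytes) -> dict:
    """Verify the signature and decode the claims, nothing more.

    Stopping here is the weak form: an expired token, or one issued for a
    different subject, is still accepted. That is the bug class reported.
    """
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


def verify_token(token: str, key: bytes, expected_sub: str, now=None) -> dict:
    """Hardened form: signature check plus exp and sub enforcement."""
    claims = parse_signed(token, key)
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or has no exp claim")
    if not claims.get("sub") or claims["sub"] != expected_sub:
        raise ValueError("subject mismatch")
    return claims
```

A stale token still passes parse_signed, which is exactly why the session checks must run on the claims and not stop at the signature.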

Comment 5 Guilherme de Almeida Suckevicz 2020-03-19 16:33:52 UTC
Acknowledgments:

Name: Dagan Henderson (Akoya, LLC)

Comment 6 Mark Cooper 2020-03-26 06:33:53 UTC
This issue has been addressed in the following products:

  Openshift Service Mesh 1.0

Via RHSA-2020:0972 https://access.redhat.com/errata/RHSA-2020:0972

Comment 7 Mark Cooper 2020-03-26 06:37:59 UTC
External References:

https://kiali.io/news/security-bulletins/kiali-security-001/