A vulnerability was found in Kiali v1.9: it ignores JWT claim fields (i.e., subject, expiration), allowing compromised or stale tokens to be used.
Acknowledgments: Dagan Henderson (Akoya, LLC)
This issue has been addressed in the following products:
OpenShift Service Mesh 1.0 via RHSA-2020:0972 https://access.redhat.com/errata/RHSA-2020:0972
External References: https://kiali.io/news/security-bulletins/kiali-security-001/
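
The flaw class described above, as an added example that is not Kiali's code and is not taken from the bulletin: a verifier that stops at the signature, beside one that also enforces the `exp` and `sub` claims. The HS256 scheme, the key, the tokens and every function name here are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims: dict, key: bytes) -> str:
    """Build an HS256 token for the demo (hypothetical helper, constructed input)."""
    msg = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
    return msg + "." + _b64(hmac.new(key, msg.encode(), hashlib.sha256).digest())


def verify_signature_only(token: str, key: bytes) -> dict:
    """Weak pattern: any correctly signed token is accepted, whatever its claims say."""
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))


def verify_with_claims(token: str, key: bytes, expected_sub: str, now: float) -> dict:
    """Hardened pattern: signature first, then expiry and subject are enforced."""
    claims = verify_signature_only(token, key)
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or exp missing")
    if claims.get("sub") != expected_sub:
        raise ValueError("subject does not match the session's user")
    return claims


if __name__ == "__main__":
    key, now = b"constructed-demo-key", time.time()
    stale = sign({"sub": "alice", "exp": now - 3600}, key)  # constructed: expired an hour ago
    print("signature-only accepts stale token for:", verify_signature_only(stale, key)["sub"])
    try:
        verify_with_claims(stale, key, "alice", now)
    except ValueError as err:
        print("claim checks reject it:", err)
```

A token with no `exp` claim is rejected rather than treated as non-expiring, so a missing claim cannot bypass the expiry check.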