A vulnerability was found in Kiali v1.9: it ignores JWT claim fields (i.e. subject, expiration), allowing compromised or stale tokens to be used.
Name: Dagan Henderson (Akoya, LLC)
This issue has been addressed in the following products:
OpenShift Service Mesh 1.0
Via RHSA-2020:0972 https://access.redhat.com/errata/RHSA-2020:0972
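The flaw class described above, shown as an added Go example (not Kiali's code and not part of the advisory): a signature-only check accepts a stale token, while the same check with `exp` and `sub` enforced rejects it. It assumes HS256-signed tokens; `seal`, `Token`, `Verify`, the `enforce` flag, the key and the claim values are hypothetical names and constructed sample data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

func seal(msg string, key []byte) string { // msg + "." + base64url HMAC-SHA256 tag (HS256 is assumed)
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

// Token signs a JSON payload; it exists only to construct sample input.
func Token(payload string, key []byte) string {
	return seal(b64.EncodeToString([]byte(`{"alg":"HS256"}`))+"."+b64.EncodeToString([]byte(payload)), key)
}

// Verify checks the signature; enforce=true also requires a future exp and the expected sub.
func Verify(tok string, key []byte, wantSub string, now int64, enforce bool) error {
	var c struct {
		Sub string `json:"sub"`
		Exp int64  `json:"exp"` // Unix seconds; a missing exp decodes to 0
	}
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(tok), []byte(seal(p[0]+"."+p[1], key))) {
		return fmt.Errorf("bad signature")
	}
	if err := json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(p[1]))).Decode(&c); err != nil || !enforce {
		return err // enforce=false: the signature alone decides, the flaw class described above
	}
	if c.Exp <= now {
		return fmt.Errorf("token expired or exp missing (exp=%d)", c.Exp)
	}
	if c.Sub != wantSub {
		return fmt.Errorf("unexpected subject %q", c.Sub)
	}
	return nil
}

func main() { // constructed sample: correctly signed, exp=100, checked at now=200
	tok := Token(`{"sub":"admin","exp":100}`, []byte("demo-key"))
	fmt.Println(Verify(tok, []byte("demo-key"), "admin", 200, false), Verify(tok, []byte("demo-key"), "admin", 200, true))
}
```

In real use, `now` would be `time.Now().Unix()` and `wantSub` the identity the session was issued for.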