CVE-2021-20278

CVE-2021-20278

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn’t occur, and this allows a malicious user to bypass the authentication.

Source: CVE-2021-20278

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다