vulnerability

Oracle Linux: (CVE-2020-1764) ELSA-2020-5765: Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 26, 2020
Added
Jul 23, 2020
Modified
Aug 6, 2024

Description

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Solution(s)

oracle-linux-upgrade-istiooracle-linux-upgrade-istio-citadeloracle-linux-upgrade-istio-galleyoracle-linux-upgrade-istio-istioctloracle-linux-upgrade-istio-mixcoracle-linux-upgrade-istio-mixsoracle-linux-upgrade-istio-node-agentoracle-linux-upgrade-istio-pilot-agentoracle-linux-upgrade-istio-pilot-discoveryoracle-linux-upgrade-istio-proxy-initoracle-linux-upgrade-istio-sidecar-injectororacle-linux-upgrade-kataoracle-linux-upgrade-kata-imageoracle-linux-upgrade-kata-runtimeoracle-linux-upgrade-kernel-uek-containeroracle-linux-upgrade-kubeadmoracle-linux-upgrade-kubectloracle-linux-upgrade-kubeletoracle-linux-upgrade-kubernetesoracle-linux-upgrade-olcneoracle-linux-upgrade-olcne-agentoracle-linux-upgrade-olcne-api-serveroracle-linux-upgrade-olcne-istio-chartoracle-linux-upgrade-olcne-nginxoracle-linux-upgrade-olcne-prometheus-chartoracle-linux-upgrade-olcne-utilsoracle-linux-upgrade-olcnectl
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.