{"containers": {"cna": {"affected": [{"product": "kiali", "vendor": "n/a", "versions": [{"status": "affected", "version": "kiali 1.31.0"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-28T10:42:40.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"tags": ["x_refsource_MISC"], "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kiali", "version": {"version_data": [{"version_value": "kiali 1.31.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-290"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"name": "https://kiali.io/news/security-bulletins/kiali-security-002/", "refsource": "MISC", "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.663Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20278", "datePublished": "2021-05-28T10:42:40.000Z", "dateReserved": "2020-12-17T00:00:00.000Z", "dateUpdated": "2024-08-03T17:37:23.663Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6DDF9BF-693D-4CFA-87D0-F152AFC8FD1C", "versionEndExcluding": "1.31.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Kiali en versiones anteriores a 1.31.0, cuando es usado la estrategia de autenticaci\u00f3n \"OpenID\". Cuando RBAC est\u00e1 habilitado, Kiali asume que parte de la comprobaci\u00f3n del token es manejada por el cl\u00faster subyacente. Cuando es usado el \"implicit flow\" de OpenID con el RBAC desactivado, esta comprobaci\u00f3n del token no ocurre y esto permite a un usuario malicioso omitir la autenticaci\u00f3n"}], "id": "CVE-2021-20278", "lastModified": "2024-11-21T05:46:16.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-28T11:15:08.077", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Kiali Security Group for reporting this issue.", "bugzilla": {"description": "kiali: authentication bypass when using the OpenID login strategy", "id": "1937171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-290", "details": ["An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication.", "An authentication bypass vulnerability was found in Kiali when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."], "name": "CVE-2021-20278", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Not affected", "package_name": "kiali", "product_name": "OpenShift Service Mesh 2.0"}], "public_date": "2021-03-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20278\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20278\nhttps://kiali.io/news/security-bulletins/kiali-security-002/"], "statement": "OpenShift ServiceMesh (OSSM) Kiali is configured to delegate authorization to the OpenShift's RBAC user rights and the OpenID authentication strategy is not supported, therefore it is marked `not affected`.", "threat_severity": "Moderate"}

{}