Description
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
References
- Third Party Advisory
- Third Party Advisory
- Issue Tracking, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:kiali:kiali:-:*:*:*:*:*:*:*
Configuration 2
All of
cpe:2.3:a:redhat:openshift_service_mesh:2.3.1:*:*:*:*:*:*:*
One of
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*
EPSS
Percentile: 30%
0.00107
Low
4.3 Medium
CVSS3
Weaknesses
CWE-74
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 4.3
redhat
about 3 years ago
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.