Description
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Will not fix | | |
| Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | openshift-service-mesh/kiali-rhel8 | Fixed | RHSA-2023:0542 | 30.01.2023 |
Additional information
Status:
Low
Defect:
CWE-74
https://bugzilla.redhat.com/show_bug.cgi?id=2148661 kiali: error message spoofing in kiali UI
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
more than 2 years ago
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
4.3 Medium
CVSS3