CVE-2021-20278

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1937171	Issue Tracking Patch Third Party Advisory
https://kiali.io/news/security-bulletins/kiali-security-002/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-05-28 11:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-20278

Mitre link : CVE-2021-20278

CVE.ORG link : CVE-2021-20278

JSON object : View

Products Affected

kiali

kiali

CWE

CWE-287

Improper Authentication

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2021-20278", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2021-05-28T11:15:08.077", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kiali.io/news/security-bulletins/kiali-security-002/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Kiali en versiones anteriores a 1.31.0, cuando es usado la estrategia de autenticaci\u00f3n \"OpenID\". Cuando RBAC est\u00e1 habilitado, Kiali asume que parte de la comprobaci\u00f3n del token es manejada por el cl\u00faster subyacente. Cuando es usado el \"implicit flow\" de OpenID con el RBAC desactivado, esta comprobaci\u00f3n del token no ocurre y esto permite a un usuario malicioso omitir la autenticaci\u00f3n"}], "lastModified": "2022-08-05T15:20:07.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6DDF9BF-693D-4CFA-87D0-F152AFC8FD1C", "versionEndExcluding": "1.31.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}