CVE-2021-20278 - OpenCVE

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kiali	Kiali

Configuration 1 [-]

cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1937171	Issue Tracking Patch Third Party Advisory
https://kiali.io/news/security-bulletins/kiali-security-002/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-28T10:42:40

Updated: 2021-05-28T10:42:40

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20278

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-28T11:15:08.077

Modified: 2022-08-05T15:20:07.570

Link: CVE-2021-20278

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "kiali", "vendor": "n/a", "versions": [{"status": "affected", "version": "kiali 1.31.0"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-28T10:42:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"tags": ["x_refsource_MISC"], "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kiali", "version": {"version_data": [{"version_value": "kiali 1.31.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-290"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"name": "https://kiali.io/news/security-bulletins/kiali-security-002/", "refsource": "MISC", "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20278", "datePublished": "2021-05-28T10:42:40", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2021-05-28T10:42:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kiali:kiali:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6DDF9BF-693D-4CFA-87D0-F152AFC8FD1C", "versionEndExcluding": "1.31.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Kiali en versiones anteriores a 1.31.0, cuando es usado la estrategia de autenticaci\u00f3n \"OpenID\". Cuando RBAC est\u00e1 habilitado, Kiali asume que parte de la comprobaci\u00f3n del token es manejada por el cl\u00faster subyacente. Cuando es usado el \"implicit flow\" de OpenID con el RBAC desactivado, esta comprobaci\u00f3n del token no ocurre y esto permite a un usuario malicioso omitir la autenticaci\u00f3n"}], "id": "CVE-2021-20278", "lastModified": "2022-08-05T15:20:07.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-28T11:15:08.077", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937171"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://kiali.io/news/security-bulletins/kiali-security-002/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "secalert@redhat.com", "type": "Secondary"}]}