Security Bulletins

Disclosed security vulnerabilities and their mitigation.

Disclosure Date Affected Releases Related

Disclosure	Date	Affected Releases	Related
KIALI-SECURITY-001	March 25, 2020	0.4.0 to 1.15.0	Authentication bypass using forged credentials.
KIALI-SECURITY-002	March 5, 2021	1.26.0, 1.26.1, 1.26.2, 1.27.0, 1.28.0, 1.28.1, 1.29.0, 1.29.1, 1.30.0	Authentication bypass when using the `openid` login strategy.
KIALI-SECURITY-003	May 11, 2021	prior to 1.33.0	Installation into ad-hoc namespaces.

March 25, 2020

0.4.0 to 1.15.0

Authentication bypass using forged credentials.

March 5, 2021

1.26.0, 1.26.1, 1.26.2, 1.27.0, 1.28.0, 1.28.1, 1.29.0, 1.29.1, 1.30.0

Authentication bypass when using the openid login strategy.

May 11, 2021

prior to 1.33.0

Installation into ad-hoc namespaces.