Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2023-39846

Disclosure Date: August 16, 2023 (last updated October 08, 2023)
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-26987

Disclosure Date: May 01, 2023 (last updated October 08, 2023)
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-42192

Disclosure Date: May 04, 2022 (last updated October 07, 2023)
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0