MidnightBSD

Advisories for konga_project

CVE-2021-42192 HIGH

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
konga_project konga 0.14.9
CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.

Products Affected

Vendor Product Version
konga_project konga 0.14.9