Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863
Products Affected
| Vendor | Product | Version |
|---|---|---|
| konga_project | konga | 0.14.9 |

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via a crafted POST request.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| konga_project | konga | 0.14.9 |