RSS   Vulnerabilities for 'Konga'   RSS

2022-05-04
 
CVE-2021-42192

CWE-863
 

 
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

 
2022-03-28
 
CVE-2021-44103

CWE-269
 

 
Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top