Produkt Konga (...) - CVEMAP.ORG

Podatności dla 'Konga'

2022-05-04

CVE-2021-42192

CWE-863

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

2022-03-28

CVE-2021-44103

CWE-269

Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.

Copyright 2024, cxsecurity.com