Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
CVSS: 8.8
AI Score: 8.6
EPSS: 0.046
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is said to be difficult. The explo...
CVSS: 5.9
AI Score: 5.8
EPSS: 0.002
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
CVSS: 6.5
AI Score: 6.5
EPSS: 0.001
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.
CVSS: 9.8
AI Score: 9.2
EPSS: 0.001