KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

EUVD-2023-43546

Malicious code in bioql PyPI...

EUVD-2023-33908

Malicious code in bioql PyPI...

EUVD-2024-1536

Malicious code in bioql PyPI...

EUVD-2023-30777

Malicious code in bioql PyPI...

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVE-2021-42192

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation...

CVE-2024-34243

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

Konga is vulnerable to Cross Site Scripting (XSS) attacks

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

GHSA-93PF-MRC8-4G3H Konga is vulnerable to Cross Site Scripting (XSS) attacks

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

CVE-2024-34243

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

CVE-2024-34243

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

CVE-2024-34243

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

CVE-2024-34243

Konga v0.14.9 is vulnerable to Cross Site Scripting XSS via the username parameter...

CVE-2024-34243

CVE-2024-34243 affects Konga v0.14.9 with Cross-Site Scripting (XSS) via the username parameter. The linked sources indicate the underlying issue is inadequate input validation on the username field, enabling injected scripts. The CVE is recorded with a CVSS v3.1 base score of 5.4 (Medium) and sh...

Konga 安全漏洞

Konga is a full-featured, open source, multi-user GUI from the individual developer Panagis Tselentis in the Netherlands. A security vulnerability exists in Konga version v0.14.9, which stems from vulnerability to cross-site scripting XSS attacks...

PT-2024-25763 · Konga · Konga

Name of the Vulnerable Software and Affected Versions: Konga version 0.14.9 Description: The issue allows for Cross Site Scripting XSS via the username parameter. Recommendations: For Konga version 0.14.9, avoid using the username parameter until the issue is resolved...

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...