Lucene search
+L

57 matches found

osv
osv
added 2023/08/16 10:15 p.m.3 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

9.8CVSS5.8AI score0.00897EPSS
Exploits1References1
nvd
nvd
added 2023/08/16 10:15 p.m.13 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

9.8CVSS9.4AI score0.00897EPSS
Exploits1References1
prion
prion
added 2023/08/16 10:15 p.m.26 views

Authentication flaw

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

7.5CVSS9.2AI score0.00897EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2023/08/16 12:0 a.m.5 views

Konga 授权问题漏洞

KONGA is a full-featured, open source, multi-user GUI from the Dutch individual developer Panagis Tselentis. A security vulnerability exists in Konga version v0.14.9, which stems from a vulnerability that allows an attacker to bypass authentication via a crafted JWT token...

9.8CVSS8.4AI score0.00897EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/08/16 12:0 a.m.13 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

7.2AI score0.00897EPSS
Exploits1References1
cvelist
cvelist
added 2023/08/16 12:0 a.m.20 views

CVE-2023-39846

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...

9.6AI score0.00897EPSS
Exploits1References1
cve
cve
added 2023/08/16 12:0 a.m.89 views

CVE-2023-39846

CVE-2023-39846 affects Konga v0.14.9 and enables authentication bypass via a crafted JWT token. The CVSSv3.1 base score is 9.8 (CRITICAL) with Network attack vector, low complexity, and no privileges/user interaction required. Documented impact is total compromise of confidentiality, integrity, a...

9.8CVSS9.2AI score0.00897EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2023/05/01 10:15 p.m.16 views

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

6.5CVSS6.6AI score0.0108EPSS
Exploits1References3
prion
prion
added 2023/05/01 10:15 p.m.11 views

Cross site request forgery (csrf)

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

4CVSS6.6AI score0.0108EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2023/05/01 12:0 a.m.7 views

PT-2023-20890 · Konga · Konga

Name of the Vulnerable Software and Affected Versions: Konga version 0.14.9 Description: An issue in Konga allows remote attackers to manipulate user accounts, regardless of privilege, via a crafted POST request. Recommendations: For Konga version 0.14.9, at the moment, there is no information...

6.5CVSS6.9AI score0.0108EPSS
Exploits1References7
cnnvd
cnnvd
added 2023/05/01 12:0 a.m.7 views

Konga 安全漏洞

KONGA is a full-featured, open source, multi-user GUI from the Dutch individual developer Panagis Tselentis. A security vulnerability exists in Konga version 0.14.9, which stems from a vulnerability that could allow a remote attacker to manipulate user accounts via a crafted POST request...

6.5CVSS6.5AI score0.0108EPSS
Exploits1References4
cve
cve
added 2023/05/01 12:0 a.m.54 views

CVE-2023-26987

CVE-2023-26987 affects Konga 0.14.9, where a crafted POST request enables remote attackers to manipulate user accounts regardless of privilege. The connected sources confirm the issue and describe the impact as unauthorized account manipulation via network-accessible input, with the root cause de...

6.5CVSS6.5AI score0.0108EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2023/05/01 12:0 a.m.11 views

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

6.6AI score0.0108EPSS
Exploits1References3
cvelist
cvelist
added 2023/05/01 12:0 a.m.18 views

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

6.7AI score0.0108EPSS
Exploits1References3
osv
osv
added 2023/05/01 12:0 a.m.16 views

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...

6.5CVSS7.3AI score0.0108EPSS
Exploits1References5
osv
osv
added 2023/04/29 1:15 a.m.4 views

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

5.9CVSS4.3AI score0.00726EPSS
Exploits0References4
nvd
nvd
added 2023/04/29 1:15 a.m.22 views

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

5.9CVSS4.5AI score0.00726EPSS
Exploits0References4
prion
prion
added 2023/04/29 1:15 a.m.26 views

Design/Logic Flaw

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

1.8CVSS5.8AI score0.00726EPSS
Exploits0References4Affected Software1
cve
cve
added 2023/04/29 12:31 a.m.57 views

CVE-2023-2418

CVE-2023-2418 affects Konga version 2.8.3 running on Kong. The issue is in the Login API component, where handling leads to insufficiently random values. The documented attack complexity is high and exploitability is difficult, with multiple sources indicating the vulnerability could be exploited...

5.9CVSS4.8AI score0.00726EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2023/04/29 12:31 a.m.22 views

CVE-2023-2418 Konga Login API random values

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

3.1CVSS6AI score0.00726EPSS
Exploits0References3
Rows per page
Query Builder