57 matches found
CVE-2023-39846
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
CVE-2023-39846
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
Authentication flaw
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
Konga 授权问题漏洞
KONGA is a full-featured, open source, multi-user GUI from the Dutch individual developer Panagis Tselentis. A security vulnerability exists in Konga version v0.14.9, which stems from a vulnerability that allows an attacker to bypass authentication via a crafted JWT token...
CVE-2023-39846
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
CVE-2023-39846
An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token...
CVE-2023-39846
CVE-2023-39846 affects Konga v0.14.9 and enables authentication bypass via a crafted JWT token. The CVSSv3.1 base score is 9.8 (CRITICAL) with Network attack vector, low complexity, and no privileges/user interaction required. Documented impact is total compromise of confidentiality, integrity, a...
CVE-2023-26987
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
Cross site request forgery (csrf)
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
PT-2023-20890 · Konga · Konga
Name of the Vulnerable Software and Affected Versions: Konga version 0.14.9 Description: An issue in Konga allows remote attackers to manipulate user accounts, regardless of privilege, via a crafted POST request. Recommendations: For Konga version 0.14.9, at the moment, there is no information...
Konga 安全漏洞
KONGA is a full-featured, open source, multi-user GUI from the Dutch individual developer Panagis Tselentis. A security vulnerability exists in Konga version 0.14.9, which stems from a vulnerability that could allow a remote attacker to manipulate user accounts via a crafted POST request...
CVE-2023-26987
CVE-2023-26987 affects Konga 0.14.9, where a crafted POST request enables remote attackers to manipulate user accounts regardless of privilege. The connected sources confirm the issue and describe the impact as unauthorized account manipulation via network-accessible input, with the root cause de...
CVE-2023-26987
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
CVE-2023-26987
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
CVE-2023-26987
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request...
CVE-2023-2418
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
CVE-2023-2418
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
Design/Logic Flaw
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
CVE-2023-2418
CVE-2023-2418 affects Konga version 2.8.3 running on Kong. The issue is in the Login API component, where handling leads to insufficiently random values. The documented attack complexity is high and exploitability is difficult, with multiple sources indicating the vulnerability could be exploited...
CVE-2023-2418 Konga Login API random values
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...