exploitDog

CVE-2021-42192

Опубликовано: 04 мая 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

Ссылки

https://docs.google.com/document/d/1-YU9zWiDVUps3Mb6zos3996yvZ48vW_vfOvaJLLHc4I/edit?usp=sharing
Exploit
Third Party Advisory
https://github.com/pantsel/konga/
Product
Third Party Advisory
https://github.com/pantsel/konga/commit/d61535277aced18b5be0313ab2d124f60f649978
https://github.com/whokilleddb/Konga-Privilege-Escalation-Exploit
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50521
Exploit
Third Party Advisory
VDB Entry
https://docs.google.com/document/d/1-YU9zWiDVUps3Mb6zos3996yvZ48vW_vfOvaJLLHc4I/edit?usp=sharing
Exploit
Third Party Advisory
https://github.com/pantsel/konga/
Product
Third Party Advisory
https://github.com/pantsel/konga/commit/d61535277aced18b5be0313ab2d124f60f649978
https://github.com/whokilleddb/Konga-Privilege-Escalation-Exploit
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50521
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:konga_project:konga:0.14.9:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.23456

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-g934-4c2x-9pcq

CVSS3: 8.8

github

почти 4 года назад

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

EPSS

Процентиль: 96%

0.23456

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-863