Vulnerability Details CVE-2021-42192
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.33
EPSS Ranking 96.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://docs.google.com/document/d/1-YU9zWiDVUps3Mb6zos3996yvZ48vW_vfOvaJLLHc4I/edit?usp=sharing
- https://github.com/pantsel/konga/
- https://github.com/pantsel/konga/commit/d61535277aced18b5be0313ab2d124f60f649978
- https://github.com/whokilleddb/Konga-Privilege-Escalation-Exploit
- https://www.exploit-db.com/exploits/50521
- https://docs.google.com/document/d/1-YU9zWiDVUps3Mb6zos3996yvZ48vW_vfOvaJLLHc4I/edit?usp=sharing
- https://github.com/pantsel/konga/
- https://github.com/pantsel/konga/commit/d61535277aced18b5be0313ab2d124f60f649978
- https://github.com/whokilleddb/Konga-Privilege-Escalation-Exploit
- https://www.exploit-db.com/exploits/50521
Products affected by CVE-2021-42192
-
cpe:2.3:a:konga_project:konga:0.14.9