Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Privilege Escalation in Konga v0.14.9

Vulnerability

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

Description

The latest release of Konga, i.e., Konga v0.14.9, has a privilege escalation vulnerability which allows normal users to gain admin privileges.

CVE-ID

CVE-2021-42192

Vendor

Konga

Product

Konga v0.14.9

Disclosure Timeline

Reported On: Oct 16, 2021

Made Public On: 4th May, 2022

Fixed On: –

Credits

Debjeet Banerjee