Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
The latest release of Konga, i.e., Konga v0.14.9, has a privilege escalation vulnerability which allows normal users to gain admin privileges.
Reported On: Oct 16, 2021
Made Public On: 4th May, 2022
Fixed On: –