Vulnerability
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
Description
The latest release of Konga, v0.14.9, has a privilege escalation vulnerability that allows normal users to gain admin privileges.
CVE-ID
CVE-2021-42192
Vendor
Konga
Product
Konga v0.14.9
Disclosure Timeline
Reported On: Oct 16, 2021
Made Public On: 4th May, 2022
Fixed On: –
Credits
Debjeet Banerjee