CVE-2023-39846

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 16, 2023
Updated: Aug 22, 2023
CWE ID 287

Summary

CVE-2023-39846 is a vulnerability affecting Konga version 0.14.9. This issue enables unauthorized access as attackers can bypass authentication checks by crafting a malicious JSON Web Token (JWT). The vulnerability poses a significant risk as it allows attackers to gain unauthorized access to protected resources without proper authorization. Konga users are strongly urged to update to a patched version to mitigate this threat. Failure to address this issue could result in data breaches or system compromise.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share