CVE-2023-39846
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 16, 2023
Updated: Aug 22, 2023
CWE ID 287
Summary
CVE-2023-39846 is a vulnerability affecting Konga version 0.14.9. This issue enables unauthorized access as attackers can bypass authentication checks by crafting a malicious JSON Web Token (JWT). The vulnerability poses a significant risk as it allows attackers to gain unauthorized access to protected resources without proper authorization. Konga users are strongly urged to update to a patched version to mitigate this threat. Failure to address this issue could result in data breaches or system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share