CVE-2021-44103

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42192. Reason: This candidate is a duplicate of CVE-2021-42192. Notes: All CVE users should reference CVE-2021-42192 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

12 Jul 2022, 17:42

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | NVD-CWE-Other |

13 Jun 2022, 17:15

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-269 | |
| CVSS | v2 : 6.5, v3 : 8.8 | v2 : unknown, v3 : unknown |
| CPE | cpe:2.3:a:konga_project:konga:0.14.9:\*:\*:\*:\*:\*:\*:\* | |
| References | (MISC) https://www.exploit-db.com/exploits/50521 - Exploit, Third Party Advisory, VDB Entry; (MISC) http://n0hat.blogspot.com/2021/11/konga-0149-privilege-escalation-exploit.html - Exploit, Third Party Advisory | |
| Summary | Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter. | \*\* REJECT \*\* DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42192. Reason: This candidate is a duplicate of CVE-2021-42192. Notes: All CVE users should reference CVE-2021-42192 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |

04 Apr 2022, 20:27

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown, v3 : unknown | v2 : 6.5, v3 : 8.8 |
| CPE | | cpe:2.3:a:konga_project:konga:0.14.9:\*:\*:\*:\*:\*:\*:\* |
| References | (MISC) http://n0hat.blogspot.com/2021/11/konga-0149-privilege-escalation-exploit.html | (MISC) http://n0hat.blogspot.com/2021/11/konga-0149-privilege-escalation-exploit.html - Exploit, Third Party Advisory |
| References | (MISC) https://www.exploit-db.com/exploits/50521 | (MISC) https://www.exploit-db.com/exploits/50521 - Exploit, Third Party Advisory, VDB Entry |
| CWE | | CWE-269 |

28 Mar 2022, 15:10

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-28 14:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-44103

Mitre link : CVE-2021-44103

CVE.ORG link : CVE-2021-44103


Products Affected

No product.