PT-2023-19459 · Konga · Konga

The_Whovian

Publicado

2023-04-29

Atualizado

2024-05-17

CVE-2023-2418

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Konga version 2.8.3

Description A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the public and may be used.

Recommendations For Konga version 2.8.3, it is recommended to change the configuration settings.

Exploit

Correção

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330

Identificadores relacionados

CVE-2023-2418

GHSA-9G4C-XM3G-F8HQ

Produtos afetados

Konga

PT-2023-19459 · Konga · Konga

CVE-2023-2418

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7