PT-2023-19459 · Konga · Konga
The_Whovian
·
Published
2023-04-29
·
Updated
2024-05-17
·
CVE-2023-2418
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Konga version 2.8.3
Description
A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the public and may be used.
Recommendations
For Konga version 2.8.3, it is recommended to change the configuration settings.
Exploit
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Konga