Skip to main content

Conga

4 CVEs product

Monthly

CVE-2014-3521 MEDIUM This Month

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Conga
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-6496 MEDIUM This Month

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Conga
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7347 LOW Monitor

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Conga Enterprise Linux
NVD VulDB
CVSS 2.0
3.7
EPSS
0.1%
CVE-2012-3359 LOW Monitor

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Authentication Bypass Conga Enterprise Linux
NVD VulDB
CVSS 2.0
3.7
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Conga
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Conga
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Conga +1
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Authentication Bypass Conga +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy