{"vulnerability": "CVE-2023-39846", "sightings": [{"uuid": "5707619c-d77b-43e3-b818-97df1d0613e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39846", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1035", "content": "CVE-2023-39846: Konga \u0646\u0633\u062e\u0647 0.14.9 - \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u062a\u0648\u06a9\u0646 JWT \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 (\u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 Konga) \u062f\u0648\u0631 \u0632\u062f\u0646\n\u0644\u06cc\u0646\u06a9: https://abyssaler.github.io/post/konga%20Unauthorized%20access\n\nCVE-2023-39846 :  Konga v0.14.9 - Bypass authentication via a crafted JWT token (Konga Unauthorized access)\nLink : https://abyssaler.github.io/post/konga%20Unauthorized%20access", "creation_timestamp": "2024-04-28T16:31:10.000000Z"}, {"uuid": "331f7c05-36b6-4205-b9fe-f230645f30e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39846", "type": "seen", "source": "https://t.me/cibsecurity/68714", "content": "\u203c CVE-2023-39846 \u203c\n\nAn issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T02:37:03.000000Z"}]}