Lucene search

@huntrdevCVE-2022-4806

HistoryDec 28, 2022 - 2:15 p.m.

CVE-2022-4806

2022-12-2814:15:11

CWE-639

@huntrdev

web.nvd.nist.gov

cve

2022

4806

authorization bypass

github

repository

usememos

memos

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.4%

JSON

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

Affected configurations

Nvd

Node

usememosmemosRange<0.9.1

VendorProductVersionCPE
usememosmemos*cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usememos	memos	*	cpe:2.3:a:usememos:memos::::::::

CNA Affected

[
  {
    "vendor": "usememos",
    "product": "usememos/memos",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.9.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.4%

JSON

Related for CVE-2022-4806