Lucene search

@huntrdevCVE-2022-4812

HistoryDec 28, 2022 - 2:15 p.m.

CVE-2022-4812

2022-12-2814:15:11

CWE-639

@huntrdev

web.nvd.nist.gov

cve-2022-4812

authorization bypass

github

repository

usememos

memos

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.8%

JSON

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

Affected configurations

Nvd

Node

usememosmemosRange<0.9.1

VendorProductVersionCPE
usememosmemos*cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usememos	memos	*	cpe:2.3:a:usememos:memos::::::::

CNA Affected

[
  {
    "vendor": "usememos",
    "product": "usememos/memos",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.9.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.8%

JSON

Related for CVE-2022-4812