Lucene search

@huntrdevCVELIST:CVE-2022-4863

HistoryDec 30, 2022 - 12:00 a.m.

CVE-2022-4863 Improper Handling of Insufficient Permissions or Privileges in usememos/memos

2022-12-3000:00:00

CWE-280

@huntrdev

www.cve.org

cve-2022-4863

insufficient permissions

privileges

github

repository

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.4%

JSON

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.

CNA Affected

[
  {
    "vendor": "usememos",
    "product": "usememos/memos",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.9.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.4%

JSON

Related for CVELIST:CVE-2022-4863